Windows Analysis Report
https://gofile.me/7wODs/99hfK37gz

Overview

General Information

Sample URL: https://gofile.me/7wODs/99hfK37gz
Analysis ID: 1551323

Detection

Annabelle
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Yara detected Annabelle Ransomware
Yara detected Powershell download and execute
AI detected suspicious URL
Creates a Image File Execution Options (IFEO) Debugger entry
Creates an undocumented autostart registry key
Deletes shadow drive data (may be related to ransomware)
Disable Task Manager(disabletaskmgr)
Disable Windows Defender real time protection (registry)
Disables UAC (registry)
Disables Windows system restore
Disables the Windows registry editor (regedit)
Disables the Windows task manager (taskmgr)
Machine Learning detection for dropped file
May disable shadow drive data (uses vssadmin)
Modifies existing user documents (likely ransomware behavior)
Modifies the windows firewall
Registers a service to start in safe boot mode
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Uses netsh to modify the Windows network and firewall settings
Allocates memory with a write watch (potentially for evading sandboxes)
Changes image file execution options
Creates or modifies windows services
Detected non-DNS traffic on DNS port
Drops PE files
HTML body contains low number of good links
HTML body with high number of embedded images detected
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 3740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1968,i,10755429677623246064,5653323172343234474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 --field-trial-handle=1968,i,10755429677623246064,5653323172343234474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gofile.me/7wODs/99hfK37gz" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • rundll32.exe (PID: 6888 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • Annabelle.exe (PID: 3912 cmdline: "C:\Users\user\Downloads\Annabelle.exe" MD5: 0F743287C9911B4B1C726C7C7EDCAF7D)
  • Annabelle.exe (PID: 3840 cmdline: "C:\Users\user\Downloads\Annabelle.exe" MD5: 0F743287C9911B4B1C726C7C7EDCAF7D)
    • vssadmin.exe (PID: 2132 cmdline: vssadmin delete shadows /all /quiet MD5: B58073DB8892B67A672906C9358020EC)
      • conhost.exe (PID: 2272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • vssadmin.exe (PID: 2420 cmdline: vssadmin delete shadows /all /quiet MD5: B58073DB8892B67A672906C9358020EC)
      • conhost.exe (PID: 2332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • vssadmin.exe (PID: 4960 cmdline: vssadmin delete shadows /all /quiet MD5: B58073DB8892B67A672906C9358020EC)
      • conhost.exe (PID: 2576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • netsh.exe (PID: 2352 cmdline: NetSh Advfirewall set allprofiles state off MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • conhost.exe (PID: 6256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Source: dropped/chromecache_285 | Rule: JoeSecurity_PowershellDownloadAndExecute | Description: Yara detected Powershell download and execute | Author: Joe Security
Source: 00000013.00000002.2555897052.00000257E5CE1000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_Annabelle | Description: Yara detected Annabelle Ransomware | Author: Joe Security

      System Summary

      Source: Process started | Author: Florian Roth (Nextron Systems), Michael Haag, Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community, Andreas Hunkeler (@Karneades): Data: Command: vssadmin delete shadows /all /quiet, CommandLine: vssadmin delete shadows /all /quiet, CommandLine|base64offset|contains: vh, Image: C:\Windows\System32\vssadmin.exe, NewProcessName: C:\Windows\System32\vssadmin.exe, OriginalFileName: C:\Windows\System32\vssadmin.exe, ParentCommandLine: "C:\Users\user\Downloads\Annabelle.exe" , ParentImage: C:\Users\user\Downloads\Annabelle.exe, ParentProcessId: 3840, ParentProcessName: Annabelle.exe, ProcessCommandLine: vssadmin delete shadows /all /quiet, ProcessId: 2132, ProcessName: vssadmin.exe
      Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Downloads\Annabelle.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Downloads\Annabelle.exe, ProcessId: 3840, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup
      Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: RIP, EventID: 13, EventType: SetValue, Image: C:\Users\user\Downloads\Annabelle.exe, ProcessId: 3840, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger
      Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Downloads\Annabelle.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Downloads\Annabelle.exe, ProcessId: 3840, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup
      No Suricata rule has matched

      AV Detection

      Source: C:\Users\user\Downloads\Unconfirmed 832167.crdownload | Avira: detection malicious, Label: TR/Ransom.mmuxy
      Source: C:\Users\user\Downloads\Annabelle.exe (copy) | ReversingLabs: Detection: 86%
      Source: C:\Users\user\Downloads\Unconfirmed 832167.crdownload | Joe Sandbox ML: detected
      Source: https://gofile-37774f4473.de9.quickconnect.to/sharing/99hfK37gz | HTTP Parser: Number of links: 0
      Source: https://gofile.me/7wODs/99hfK37gz | HTTP Parser: Total embedded image size: 35143
      Source: https://gofile-37774f4473.de9.quickconnect.to/sharing/99hfK37gz | HTTP Parser: Title: dsv-SynologyNAS does not match URL
      Source: https://gofile-37774f4473.de9.quickconnect.to/sharing/99hfK37gz | HTTP Parser: <input type="password" .../> found
      Source: https://gofile-37774f4473.de9.quickconnect.to/sharing/99hfK37gz | HTTP Parser: No <meta name="author".. found
      Source: https://gofile-37774f4473.de9.quickconnect.to/sharing/99hfK37gz | HTTP Parser: No <meta name="copyright".. found
      Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49730 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49880 version: TLS 1.2
      Source: chrome.exe | Memory has grown: Private usage: 1MB later: 9MB
      Source: global traffic | TCP traffic: 192.168.2.16:49723 -> 1.1.1.1:53
      Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic | DNS traffic detected: DNS query: gofile.me
      Source: global traffic | DNS traffic detected: DNS query: www.google.com
      Source: global traffic | DNS traffic detected: DNS query: synostatic.synology.com
      Source: global traffic | DNS traffic detected: DNS query: global.quickconnect.to
      Source: global traffic | DNS traffic detected: DNS query: 192-168-50-100.katiesix.direct.quickconnect.to
      Source: global traffic | DNS traffic detected: DNS query: _5001._https.192-168-50-100.katiesix.direct.quickconnect.to
      Source: global traffic | DNS traffic detected: DNS query: katiesix.direct.quickconnect.to
      Source: global traffic | DNS traffic detected: DNS query: _5001._https.katiesix.direct.quickconnect.to
      Source: global traffic | DNS traffic detected: DNS query: katiesix.synology.me
      Source: global traffic | DNS traffic detected: DNS query: _5001._https.katiesix.synology.me
      Source: global traffic | DNS traffic detected: DNS query: gofile-37774f4473.de9.quickconnect.to
      Source: global traffic | DNS traffic detected: DNS query: signal4.fr.webrtc.quickconnect.to
      Source: global traffic | DNS traffic detected: DNS query: _8831._https.signal4.fr.webrtc.quickconnect.to
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
      Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
      Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
      Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
      Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
      Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49730 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49880 version: TLS 1.2

      Spam, unwanted Advertisements and Ransom Demands

      Source: Yara match File source: 00000013.00000002.2555897052.00000257E5CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Downloads\Annabelle.exe Process created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
      Source: C:\Users\user\Downloads\Annabelle.exe File deleted: C:\Users\user\Desktop\ZGGKNSUKOP\LIJDSFKJZG.mp3
      Source: C:\Users\user\Downloads\Annabelle.exe File deleted: C:\Users\user\Desktop\DUUDTUBZFW\ZGGKNSUKOP.pdf
      Source: C:\Users\user\Downloads\Annabelle.exe File deleted: C:\Users\user\Desktop\EOWRVPQCCS\EOWRVPQCCS.docx
      Source: C:\Users\user\Downloads\Annabelle.exe File deleted: C:\Users\user\Desktop\EOWRVPQCCS\QCOILOQIKC.png
      Source: C:\Users\user\Downloads\Annabelle.exe File deleted: C:\Users\user\Desktop\ZGGKNSUKOP\GIGIYTFFYT.xlsx
      Source: classification engine Classification label: mal100.rans.evad.win@37/94@30/218
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Users\user\Downloads\Annabelle.exe Mutant created: NULL
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2332:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2576:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2272:120:WilError_03
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6256:120:WilError_03
      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1968,i,10755429677623246064,5653323172343234474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gofile.me/7wODs/99hfK37gz"
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 --field-trial-handle=1968,i,10755429677623246064,5653323172343234474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: unknown Process created: C:\Users\user\Downloads\Annabelle.exe "C:\Users\user\Downloads\Annabelle.exe"
      Source: C:\Users\user\Downloads\Annabelle.exe Process created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
      Source: C:\Windows\System32\vssadmin.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Downloads\Annabelle.exe Process created: C:\Windows\System32\netsh.exe NetSh Advfirewall set allprofiles state off
      Source: C:\Windows\System32\netsh.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Downloads\Annabelle.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Users\user\Downloads\Annabelle.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

      Persistence and Installation Behavior

      Source: EmailJoeBoxAI: AI detected Brand spoofing attempt in URL: URL: https://gofile-37774f4473.de9.quickconnect.to
      Source: EmailJoeBoxAI: AI detected Typosquatting in URL: URL: https://gofile-37774f4473.de9.quickconnect.to
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\3f9056fd-b335-41f8-b434-e44fc81d403e.tmp
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 832167.crdownload

      Boot Survival

      Source: C:\Users\user\Downloads\Annabelle.exeRegistry value created: RIP
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services USBSTOR
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services SecurityHealthService
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services WdNisSvc
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_CURRENT_USER\System\CurrentControlSet\Services WinDefend
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cabinet.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydocs.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbui.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recoverydrive.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logoff.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe Debugger
      Source: C:\Users\user\Downloads\Annabelle.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
      Source: C:\Users\user\Downloads\Annabelle.exeRegistry value created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal MinimalX
      Source: C:\Users\user\Downloads\Annabelle.exeRegistry key created: HKEY_CURRENT_USER\System\CurrentControlSet\Services
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Source: C:\Users\user\Downloads\Annabelle.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateBackup
      Source: C:\Users\user\Downloads\Annabelle.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UpdateBackup
      Source: C:\Users\user\Downloads\Annabelle.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run UpdateBackup
      Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Downloads\Annabelle.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Downloads\Annabelle.exe Memory allocated: 257E42D0000 memory reserve | memory write watch
      Source: C:\Users\user\Downloads\Annabelle.exe Memory allocated: 257FDCE0000 memory reserve | memory write watch
      Source: C:\Users\user\Downloads\Annabelle.exe Memory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion

      Source: Yara match File source: dropped/chromecache_285, type: DROPPED
      Source: C:\Users\user\Downloads\Annabelle.exe Queries volume information: C:\Users\user\Downloads\Annabelle.exe VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
      Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Users\user\Downloads\Annabelle.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Lowering of HIPS / PFW / Operating System Security Settings

      Source: C:\Users\user\Downloads\Annabelle.exe Registry value created: DisableTaskMgr 1
      Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Registry value created: DisableRoutinelyTakingAction 1
      Source: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
      Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
      Source: C:\Users\user\Downloads\Annabelle.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA
      Source: C:\Users\user\Downloads\Annabelle.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore DisableSR
      Source: C:\Users\user\Downloads\Annabelle.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DisableRegistryTools
      Source: C:\Users\user\Downloads\Annabelle.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr
      Source: C:\Users\user\Downloads\Annabelle.exe Process created: C:\Windows\System32\netsh.exe NetSh Advfirewall set allprofiles state off
      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
      | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Browser Extensions | 1 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | 1 Inhibit System Recovery |
      | Email Addresses | DNS Server | Domain Accounts | At | 211 Registry Run Keys / Startup Folder | 211 Registry Run Keys / Startup Folder | 71 Disable or Modify Tools | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
      | Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
      | Gather Victim Network Information | Server | Cloud Accounts | Launchd | 11 Image File Execution Options Injection | 1 Bypass User Account Control | 1 Rundll32 | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
      | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 11 Image File Execution Options Injection | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
      | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Extra Window Memory Injection | 1 Bypass User Account Control | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
      | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
      | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Extra Window Memory Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | https://gofile.me/7wODs/99hfK37gz | 0% | Avira URL Cloud | safe | |

      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | C:\Users\user\Downloads\Unconfirmed 832167.crdownload | 100% | Avira | TR/Ransom.mmuxy | |
      | C:\Users\user\Downloads\Unconfirmed 832167.crdownload | 100% | Joe Sandbox ML | | |
      | C:\Users\user\Downloads\Annabelle.exe (copy) | 87% | ReversingLabs | ByteCode-MSIL.Ransomware.Annabelle | |

      No Antivirus matches
      | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|---|---|
      | signal4.fr.webrtc.quickconnect.to | 142.93.235.17 | true | false | | unknown |
      | global.quickconnect.to | 52.58.162.149 | true | false | | unknown |
      | katiesix.synology.me | 45.91.114.170 | true | false | | unknown |
      | gofile.me | 13.32.121.28 | true | false | | unknown |
      | gofile-37774f4473.de9.quickconnect.to | 138.199.37.169 | true | true | | unknown |
      | www.google.com | 142.250.184.228 | true | false | | high |
      | synostatic.synology.com | 108.138.7.32 | true | false | | unknown |
      | 192-168-50-100.katiesix.direct.quickconnect.to | 192.168.50.100 | true | false | | unknown |
      | katiesix.direct.quickconnect.to | 45.91.114.170 | true | false | | unknown |
      | _5001._https.katiesix.synology.me | unknown | unknown | false | | unknown |
      | _5001._https.192-168-50-100.katiesix.direct.quickconnect.to | unknown | unknown | false | | unknown |
      | _5001._https.katiesix.direct.quickconnect.to | unknown | unknown | false | | unknown |
      | _8831._https.signal4.fr.webrtc.quickconnect.to | unknown | unknown | false | | unknown |

      | Name | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|
      | https://gofile.me/7wODs/99hfK37gz | false | | unknown |
      | https://gofile-37774f4473.de9.quickconnect.to/sharing/99hfK37gz | false | | unknown |

      | IP | Domain | Country | ASN | ASN Name | Malicious |
      |---|---|---|---|---|---|
      | 45.91.114.170 | katiesix.synology.me | Netherlands | 7922 | COMCAST-7922US | false |
      | 52.58.162.149 | global.quickconnect.to | United States | 16509 | AMAZON-02US | false |
      | 142.250.186.78 | unknown | United States | 15169 | GOOGLEUS | false |
      | 142.250.185.206 | unknown | United States | 15169 | GOOGLEUS | false |
      | 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
      | 108.138.7.32 | synostatic.synology.com | United States | 16509 | AMAZON-02US | false |
      | 172.217.16.138 | unknown | United States | 15169 | GOOGLEUS | false |
      | 142.250.185.168 | unknown | United States | 15169 | GOOGLEUS | false |
      | 172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false |
      | 138.199.37.169 | gofile-37774f4473.de9.quickconnect.to | European Union | 51964 | ORANGE-BUSINESS-SERVICES-IPSN-ASNFR | true |
      | 142.93.235.17 | signal4.fr.webrtc.quickconnect.to | United States | 14061 | DIGITALOCEAN-ASNUS | false |
      | 13.32.121.35 | unknown | United States | 16509 | AMAZON-02US | false |
      | 74.125.206.84 | unknown | United States | 15169 | GOOGLEUS | false |
      | 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
      | 13.32.121.28 | gofile.me | United States | 16509 | AMAZON-02US | false |
      | 142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
      | 142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false |

      IP
      192.168.2.16
      192.168.2.18
      192.168.50.100

      Joe Sandbox version: 41.0.0 Charoite
      Analysis ID: 1551323
      Start date and time: 2024-11-07 16:21:29 +01:00
      Joe Sandbox product: CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled: false
      Report type: full
      Cookbook file name: defaultwindowsinteractivecookbook.jbs
      Sample URL: https://gofile.me/7wODs/99hfK37gz
      Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed: 33
      Number of new started drivers analysed: 0
      Number of existing processes analysed: 0
      Number of existing drivers analysed: 0
      Number of injected processes analysed: 1
      Technologies:
      • EGA enabled
      Analysis Mode: stream
      Analysis stop reason: Timeout
      Detection: MAL
      Classification: mal100.rans.evad.win@37/94@30/218
      • Exclude process from analysis (whitelisted): svchost.exe
      • Excluded IPs from analysis (whitelisted): 2.16.100.168, 142.250.186.99, 142.250.185.206, 74.125.206.84, 34.104.35.123
      • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
      • Not all processes where analyzed, report is missing behavior information
      • VT rate limit hit for: https://gofile.me/7wODs/99hfK37gz
                                    InputOutput
                                    URL: Model: claude-3-5-sonnet-latest
                                    {
                                        "typosquatting": false,
                                        "unusual_query_string": false,
                                        "suspicious_tld": true,
                                        "ip_in_url": false,
                                        "long_subdomain": false,
                                        "malicious_keywords": false,
                                        "encoded_characters": false,
                                        "redirection": false,
                                        "contains_email_address": false,
                                        "known_domain": false,
                                        "brand_spoofing_attempt": false,
                                        "third_party_hosting": true
                                    }
                                    URL: URL: https://gofile.me
                                    URL: https://gofile.me/7wODs/99hfK37gz Model: claude-3-haiku-20240307
                                    ```json
                                    {
                                      "contains_trigger_text": true,
                                      "trigger_text": "Access, share, and collaborate on your files from any devices, anywhere. Take full ownership of your data and pay no subscription fees.",
                                      "prominent_button_name": "unknown",
                                      "text_input_field_labels": "unknown",
                                      "pdf_icon_visible": false,
                                      "has_visible_captcha": false,
                                      "has_urgent_text": false,
                                      "has_visible_qrcode": false
                                    }
                                    ```
                                    URL: https://gofile.me/7wODs/99hfK37gz Model: claude-3-haiku-20240307
                                    ```json
                                    {
                                      "brands": [
                                        "Synology"
                                      ]
                                    }
                                    ```
                                    URL: Model: claude-3-5-sonnet-latest
                                    {
                                        "typosquatting": true,
                                        "unusual_query_string": false,
                                        "suspicious_tld": true,
                                        "ip_in_url": false,
                                        "long_subdomain": true,
                                        "malicious_keywords": false,
                                        "encoded_characters": false,
                                        "redirection": false,
                                        "contains_email_address": false,
                                        "known_domain": false,
                                        "brand_spoofing_attempt": true,
                                        "third_party_hosting": true
                                    }
                                    URL: URL: https://gofile-37774f4473.de9.quickconnect.to
                                    URL: https://gofile-37774f4473.de9.quickconnect.to/sharing/99hfK37gz Model: claude-3-haiku-20240307
                                    ```json
                                    {
                                      "contains_trigger_text": true,
                                      "trigger_text": "Download",
                                      "prominent_button_name": "Download",
                                      "text_input_field_labels": "unknown",
                                      "pdf_icon_visible": false,
                                      "has_visible_captcha": false,
                                      "has_urgent_text": false,
                                      "has_visible_qrcode": false
                                    }
                                    ```
                                    URL: https://gofile-37774f4473.de9.quickconnect.to/sharing/99hfK37gz Model: claude-3-haiku-20240307
                                    ```json
                                    {
                                      "brands": []
                                    }
                                    ```
                                    
                                    The provided image does not contain any visible brands. The image shows a simple white window with the text "Annabelle.exe" and a "Download" button, but no logos or other brand identifiers are present.
                                    URL: Model: claude-3-5-sonnet-latest
                                    {
                                        "typosquatting": false,
                                        "unusual_query_string": false,
                                        "suspicious_tld": true,
                                        "ip_in_url": false,
                                        "long_subdomain": false,
                                        "malicious_keywords": false,
                                        "encoded_characters": false,
                                        "redirection": false,
                                        "contains_email_address": false,
                                        "known_domain": false,
                                        "brand_spoofing_attempt": false,
                                        "third_party_hosting": false
                                    }
                                    URL: URL: https://quickconnect.to
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 14:22:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2673
                                    Entropy (8bit):3.9873096116286417
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:1210FFEE5FE79CD5DB4119F44BDF0B56
                                    SHA1:D53E188D6FAA5B3F1F354F28A40F21E55F4CC76D
                                    SHA-256:18BB167FD6F86E8BFE37F5F8DAB7D8FCA9BF0079F7E9F934B5821E379034CB18
                                    SHA-512:05D3018FD142AD0CC64585ACDAF5987BC9801C6EC9ED728CFFC8EBF94180C4B51533EC6226B0E575BECDF523839B6941CD7DA28F9567785B650C04F8EA10876F
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 14:22:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2675
                                    Entropy (8bit):4.002098083362507
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:ED591A2DAF955E18840A74DDE94ECA80
                                    SHA1:6B548381254813398EC6DC3A03BF307E49D176A6
                                    SHA-256:71FADF55DB7FEA37D83B316DC772C3952CB634C1FE56E396DC1733B6C3D32D28
                                    SHA-512:0D83B78A349F03AD70EA30A407015AB1FE4E9D11FFF2361EA9A2671B18BCBC472118DF619CDB7471746593C0AF237950CE785FB8AE49655E400355A54CCCADCB
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2689
                                    Entropy (8bit):4.00873971105446
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:97DD9038D8B775897102B0BF9A2FFC9C
                                    SHA1:4070619FE4326A4B5244EA56BDBDFF24C8393518
                                    SHA-256:434372BE376167F3BB9DE20EB840CB55F4C24B0C18786A1E3CF8A5A2980F8B47
                                    SHA-512:D82A4C6CF5C0A73870EC9499E7600037BEBBABE9CFB0A1FB210B2FFEB060F4D4B39E6FF783CE5DAFB5C4AB4B8EEAA4D0EB8763C99A43A22F584DD63AB5656CBD
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 14:22:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):3.9976168009779
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:2641B0E3391860FACAB18DA2EAE8AB45
                                    SHA1:2E79B4E46F651FA2B0D58ACD35CF3FBD3C005735
                                    SHA-256:9BCEEA636C039ADA8078AAEF2218E5330D8A3BEE2DC5A01BA6C135C28602CBBC
                                    SHA-512:B5BD59B6F4CB48795F904B763E153FD1B1B767AC4F63166B8EEDF6FB6C13AA08012D98CBAA44DC5BE1B28C5F82C1B78C572E184F5B6E080D17C3B4A694ABBE43
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 14:22:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):3.9879676390202174
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:147B3FEE86D6EF4FC2FFB6DD242843C7
                                    SHA1:EAAECB81576FEE1B916FB4B9D449923735F9E0A8
                                    SHA-256:278A1F56BBD5B97ED08D91003D57D040419376FB45017662193713FF5DC28A1D
                                    SHA-512:750FF069900DBAEA1B26A35F8540FAB3DC68FA5C69CA6A14EDEA146727C59AC4C6C875D55448F230397E9F5FF7FD8C4101680916F009E68A1522366A5EDCAE8E
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 7 14:22:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2679
                                    Entropy (8bit):3.9932964111334024
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5183CFE5E2841C30A885E3ADF590546F
                                    SHA1:AD90853522F39869105663A78B5C460CAB23AD06
                                    SHA-256:FB01521F2A51E1B37C1DF7D7DF3900B0DA5ABF7C9413F8069B93598796A1CFC6
                                    SHA-512:3E4758374C2B9858E358FDD07F4383D5B858C239B6C9FDD82DD385F03F02736493B1DA2B9A5FD947D863924E67E365BB6F5733F51ED673F6E9FFE5C13CFA0C18
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.811499622245505
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:B15264798DAD0555C5D85A44DCB9D160
                                    SHA1:C8B28C5A36CCFF31DFF2C12DD9E8FF6B1E61FAB6
                                    SHA-256:FE4B74B017404FF8067FE946ED10F0ED8FDE96BE68B65B5D5491A0C79A04AE11
                                    SHA-512:5015942AA50D868DE199EC74A94EAE558150F32DF11488045EEB6EFDF857394E7E9C74E024F5BAAAC762D497E87AD22A1718A5D8C63E075695F5A77D491BAE53
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.819819598732522
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:95BDD573E65B4A0D34294A7B33B60D07
                                    SHA1:AE72D03FD0ADDB06BFAF358CAB57C88D9F79E11B
                                    SHA-256:358DF5314A5CD48302584AA7F96D63607BCA94FCE61B98ED84713E7DA9A6C42A
                                    SHA-512:5DC72E0122C7190EDA60CEE78424B0F94A6D7BE9B961A0E0279EBA52E640F08FB12E558C4D18A091BA1CEE22D3B47BE1DC3725129C62CF2C65E40B759FA6F9E4
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.80613933063984
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:8BFB2575832EA222CF7B6E3DBF9AA96A
                                    SHA1:4437EA2ED16A3D3EC77A5DD95494D1973D44C212
                                    SHA-256:51E313EA264E40B1E7F5E94D33DF5B466DD6E873A29C1C25B70B432A692E407A
                                    SHA-512:BEB4EDFE5CE28DFA9C07C357C8E6994DE201AA97D15FB350901124C90DAEBD6B663EB9286C4E1F9567AFF8EF24F3609D4D2FDC6A18C10913A5B4865F21447527
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.811683238575583
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E28472378CE251E0CDAB38D25C49D58F
                                    SHA1:BE2982D4FE5CA9AEED2402C34DF1268BBE553E83
                                    SHA-256:3D2F6CE050E2F2EA9CC811172063925347ADB543D07A408849B1ADDF7BCAB671
                                    SHA-512:B85541712E50947D3F9D5CA002C30220B23D29E8C651D1BE0DB97A0B213B7DCCB277B8E13F28E92BB0EBD8D24B981D16A069C0E4C477474D0A478095D95D6126
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.838510981223739
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4A50CE3B9FCAB12785270576DEAD0A7E
                                    SHA1:BC78D2B4683C33085F089A6822EDE591A99888C4
                                    SHA-256:F2C3A22A484EFB67881A31E8AA9D36D91DC70573DB4095AFB873927F1A435130
                                    SHA-512:7A64A416AE130D255C1AD603748B4F4C2B97AE482B09A5C3BA45EE1F9E098235808786BD4ABDAB4A93A23E689640DA188E7F03D6C960136889E615977D370976
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.7994340147361205
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:F5CF95165F8C7B776BDDC34A8DDA9171
                                    SHA1:CDFA860A93CDDC37547ECE1BD8C5F05968C813DF
                                    SHA-256:C60A814064208CEF667D807E2058C953E029F79282476560849166FB13E88E5B
                                    SHA-512:055C71B6AF121FE77A7670BF322D2FF82E5021783877E61F52B3DA32B4ED609250608B45569FD7D62473F9BF204D4B4B47BAB2948CB6E443C70BE59A6C73F7BF
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.784436972726507
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E593EDFE72A0D0EEB08627F8BC93BF9F
                                    SHA1:220A7612EF3B1B5E0AF29D6AFC711EC20B92ABB9
                                    SHA-256:8AE7506F0034A26B61E290512AD4AA9390E0A6CAE94D52A9DA6199FE18EF4615
                                    SHA-512:86EC54D4A044E9F00D9ECEA63D071DCF1ABFEDF11B481B64C95B745AB5188884684D61CAE1259A703E1E9BFAC453B56CA206923C6212659262A01D6C6B9D0158
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.829725220075396
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:14027A6FAAD36416DED7FCF7A49C4FCD
                                    SHA1:DB9154C8078184D95B05FF5F39557E0B8B0D6C85
                                    SHA-256:381308B25ACD0A6C68C9B6A36D32B767AD6754E5D801DB821F400ED5F82904F6
                                    SHA-512:2CC2295B9FB7500DEB430464EB3F7FD0ED3B19EFB393DF761310E437B18849427AA888F1B99647F926CB655FC4F07987F7234053EFE0419B3E8C3445270C8FF8
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):15993
                                    Entropy (8bit):7.933853941764581
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:81C6A9947A656FE7C4C7DBFEAA90D2CF
                                    SHA1:4D0E3DEC2EBD5846D1441FD80931FB965CDFB2C7
                                    SHA-256:B37453AEA148D74E80D7102120164A9CA529A3BAE11DE41570332B6A81E361D6
                                    SHA-512:35E027DA2D71220C3DAE9E4FAC261328C65802F42BD9C92D732E652887CE343318E18A5DC5CA5199224B6023934534757AD788A2FCE7EA5DBE1E8D9C70A6D044
                                    Malicious:true
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):0
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0F743287C9911B4B1C726C7C7EDCAF7D
                                    SHA1:9760579E73095455FCBADDFE1E7E98A2BB28BFE0
                                    SHA-256:716335BA5CD1E7186C40295B199190E2B6655E48F1C1CBE12139BA67FAA5E1AC
                                    SHA-512:2A6DD6288303700EF9CB06AE1EFEB1E121C89C97708E5ECD15ED9B2A35D0ECFF03D8DA58B30DAEADAD89BD38DC4649521ADA149FB457408E5A2BDF1512F88677
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 87%
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):16712208
                                    Entropy (8bit):7.999989824777097
                                    Encrypted:true
                                    SSDEEP:
                                    MD5:B429600464AB2475F871129AAE4303A8
                                    SHA1:8040D1DFBC29194B491F2DCC505C4590299D8680
                                    SHA-256:E7295F1B2E60CB142EEF3BE1C85D29D6259FE9D7F314AB81C58DEB40D0E77A56
                                    SHA-512:4AB197E831E142DB89E0AA95B40FBDE7F66C0C83DA36AE8DBA31325DA5BB4EAAB8B446063A547B81907581E370D80C43C9B8C54F21A5B8F949615CCC07BE71FC
                                    Malicious:true
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.81417339373765
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:40ED217144B7A090F83720AEEC3E1651
                                    SHA1:CF9CFF2C561B7F27AA453231866260BCFA108B35
                                    SHA-256:5774D94D7480AF5FFB56C4AA110B1CE4672CDB59D4FE6315C752B4DD17E9C65D
                                    SHA-512:6E38B68C79A8E99C9FDE7BD94BD1AD0DFD268065612336EA054485B0603EFF5171D41FFD6FD0C2AFD8A3A7ACFAC8D4CDACC3D7AB093170EFDA73DFDAB7C8667B
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.8164873716566365
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:1F1765DA6C755050110145923FCD7582
                                    SHA1:F5C941D80B64EFBB9F20FDE826C94BF52B703692
                                    SHA-256:49CDDBE6413EA57F681272994A3AE13CDFA7F569E4618FAB8C2BBDA08D85A778
                                    SHA-512:BC56C069E61FCF99CE8A3D9B12860720F2CBBA21A0A718999CFC1C295EA3508EB876E6FE6E7D764DA59848D5CC330D6E994E1482E8CE0E8C039FEFE536035CF5
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):16712192
                                    Entropy (8bit):7.987767125866745
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0F743287C9911B4B1C726C7C7EDCAF7D
                                    SHA1:9760579E73095455FCBADDFE1E7E98A2BB28BFE0
                                    SHA-256:716335BA5CD1E7186C40295B199190E2B6655E48F1C1CBE12139BA67FAA5E1AC
                                    SHA-512:2A6DD6288303700EF9CB06AE1EFEB1E121C89C97708E5ECD15ED9B2A35D0ECFF03D8DA58B30DAEADAD89BD38DC4649521ADA149FB457408E5A2BDF1512F88677
                                    Malicious:true
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    Reputation:unknown
                                    Process:C:\Users\user\Downloads\Annabelle.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1040
                                    Entropy (8bit):7.804817769152848
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:BCEB31A9CC48B244D7E4772E499F8CC0
                                    SHA1:C1853336E88779B1198E88E24473C16F7E61F43B
                                    SHA-256:5242B89595DDE09D8664B23B8F8206C645A41230DEC6B173EC82F5ADBD57B7E2
                                    SHA-512:CCA68F6CC3394FCDC82BA43039905F35F37B201688DC9ABDADC121F9734BB50E208B14A2EBDD56E09A2BBDA3931DCCCEA248CD9BCDBECF689F0778679182FC1E
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (1680)
                                    Category:downloaded
                                    Size (bytes):1681
                                    Entropy (8bit):4.729072744395338
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:20C0B149767C7B86133342D54A6F3C63
                                    SHA1:2151D6CB6F54A91C1440C6B2BCA8F6474D51D4F9
                                    SHA-256:0BDD980480BAB5AD20512C405FF7F74F6100D78D61613BD53CBBB92E1C3E203F
                                    SHA-512:E9ED4CCD4D5EB2B8A1D8563993D3533D36CCF75BCBBCA2F2267A911D5E3E3DB3DE55BD53B3C144E97DFCBF1A4A864F547AC06C3E711633C912E31CAF9D26DE23
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/scripts/scrollbar/flexcroll.css?v=1672898121
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (28138)
                                    Category:dropped
                                    Size (bytes):28200
                                    Entropy (8bit):5.331249213100033
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:EA1DADC9263DA4A1D26764EB733D23FE
                                    SHA1:E9FCE3F99DAB42BB7E29F3F0A3196FE3289AE4A7
                                    SHA-256:89BC7DAE78CD485C928575BE538FEA49F297702F6404A9BCE351974780DE834B
                                    SHA-512:13ED30BD0260F44562A3AABF86890C8211CBA3506827827DB2B320860520EE19765A2786598F4FB47E7BC0840BD0BB2536F9B7C80836540873B27C4ABF943570
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:/* Copyright (c) 2024 Synology Inc. All rights reserved. */..Ext.ns("SYNO.SDS.Sharing.Custom"),SYNO.SDS.Sharing.Custom.LoginHandler=function(e){function t(){SYNO.SDS.ExtraSession.is_sharing_upload?window.isMobile()?SYNO.FileStation.LoginDialog=new SYNO.FileStation.Request.MobileAccessPage:"password"==_S("sharing_status")&&(SYNO.FileStation.LoginDialog=new SYNO.FileStation.Request.AccessPage({_mode:_S("sharing_status"),_data:SYNO.SDS.ExtraSession})):(SYNO.WebRTC&&(SYNO.WebRTC.Enable=SYNO.WebRTC.IsRelay,!0===SYNO.WebRTC.Enable&&SYNO.WebRTC.GetDefaultChannel()),SYNO.FileStation.LoginDialog=new SYNO.FileStation.Sharing.AccessPage({_mode:_S("sharing_status"),_data:SYNO.SDS.ExtraSession,isMobile:window.isMobile()}))}if(window.isMobile()){var i=document.createElement("meta");i.name="viewport",i.content="width=device-width, initial-scale=1.0",SYNO.SDS.ExtraSession.is_sharing_upload&&(i.content="width=device-width, initial-scale=1.0, maximum-scale=1.0"),document.getElementsByTagName("head")[0].
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                    Category:downloaded
                                    Size (bytes):18929
                                    Entropy (8bit):3.4230111757191897
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E903266B5CEC648754BC4FA966C21EFA
                                    SHA1:6FFB6F68B5CB5208939C18D211E1592A1FB6FFBA
                                    SHA-256:F2330A566454EC93C1B4D986F3B672D770762431B7D0051A5E9F77D10FA34B83
                                    SHA-512:C7829992549D3EBC565118226D41E982A2E90FEE4156ACD3F2E2BC023B8304BE060CC8E8CEF22F24ED4B950DA5EAADF0FA339927A19F66DA78364DB180C1BA26
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile.me/e903266b5cec648754bc4fa966c21efa.png
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=This content is subject to copyright.], progressive, precision 8, 3840x2400, components 3
                                    Category:downloaded
                                    Size (bytes):331030
                                    Entropy (8bit):7.946599096300071
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:2C8DC35F91AE96CFCADAE5D82B0BE1BA
                                    SHA1:BE0D5A27D6533AE08278C726BA004E2A3772171F
                                    SHA-256:EEFDCEC04DA6A5A951AA6C4EBB4FB3213137E9C5D326F8C9D577F72F674FCC5B
                                    SHA-512:EC22C78294364858259578A97C0D018A2618E14193D510306F6A40089945DE429F2F56E904A081100D6D878FF4FD43B469F16631DEBB9B95D50939CFB0C1D28C
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/resources/images/2x/default_login_background/dsm7_01.jpg?v=1730912426
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):240361
                                    Entropy (8bit):5.10648394473573
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:F1E490046B2A1EC7A3DC07A5ADE122D2
                                    SHA1:211A90B56853E81BB7C03EB579100143DE0D479C
                                    SHA-256:E68FA34733A2283CD59C0B9EE8094DCE145AAB7700F89116BB1DA20CEAB8E79C
                                    SHA-512:FFE2713F4EAC9AE8BD6AE965ACB08487AF8857110C20128AFD3E880AFEB6DC0C2D65FDECBD42842F68D8999200FA5535EE07E531DD1BADAE1CDEDFC5EB6432EA
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/StorageManager/style.css?v=1710317395
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text
                                    Category:downloaded
                                    Size (bytes):104
                                    Entropy (8bit):4.806545700170941
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E5852FFCA83F9AF9EC19DB05D564A774
                                    SHA1:4B126E925DA5A0FFD2B8BCB5793FC58379E1571C
                                    SHA-256:A30D0E30EA7025B3686A6F8AAA82C2D3C3FFF4F5D230E3199BDACA9D70A5732B
                                    SHA-512:C961FFFF995531D87100FF95BB7397A1A97B04C54055153CE994101FEF8C74862272876BB9FA756AA51049ADA3669B26BFE94FE807EF75DB28F5DD3174526C91
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/TaskSchedulerUtils/style.css?v=1725262674
                                    Preview:.recycletask-advanced-dialog .syno-ux-superboxselect{margin-left:30px;max-height:100px;overflow-y:auto}.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (49302), with no line terminators
                                    Category:dropped
                                    Size (bytes):49302
                                    Entropy (8bit):5.424153855277755
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:8A354E95CF9B5357D835B1F7D59D28C7
                                    SHA1:CE95FB4FF9B909888C8C82C52D384E97E6393E3F
                                    SHA-256:37C0E24D01FA670C4C5169C64CCCDFA4F25961797A309BB6EAAF5930F3BC42EA
                                    SHA-512:3D5C86D9987A37BBC7E87569D6960887A27C7CA0E4457FE041B367851EB9DB97EAA92FA87427C237020EC85551670DC27BEE75AEFA86CE873C4E56EF6FF71AED
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:troff or preprocessor input, ASCII text, with very long lines (2043), with no line terminators
                                    Category:downloaded
                                    Size (bytes):2043
                                    Entropy (8bit):4.977229765038544
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:FDA895D1D3B69F2A33798F986ECF9DBF
                                    SHA1:2D13BB9C3F7D7A5EC52049E79B9482C0387BFB57
                                    SHA-256:825F3468513E6D24C5C3B5097FE9DEFD19300B9E5C8E2748A7439EDC05F9A5FA
                                    SHA-512:F9D585E27F6A6D7034FE16D1075AC96239C02929019DDC645134FF86B8A7AA21A09D6EDFED9C08A88F014A3F2242B45F0AD4E5B1337DD71B7F25C5346196EA40
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/C3/style.css?v=1711103609
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):120225
                                    Entropy (8bit):5.108599419000683
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:8F6D46D8A9D3C7C1089AEAC7946E12DD
                                    SHA1:CE933871A25C95C6AFE39E0EEEA77EA03529B28F
                                    SHA-256:00BB43AC1031B8262DF835B987EB2277CE69C80947C4C5008376659A6B55BD3E
                                    SHA-512:D4DD1C826E2CDACD4C85A3C44BFE1B3A3D299FBE8CFA5F7A4400C928237153EABC4D2D448875367BE952C1A924086E7971528CD6A0F3E6D910E0E308F97AD8E6
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/FileBrowser/style.css?v=1720167699
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (7214)
                                    Category:downloaded
                                    Size (bytes):34870
                                    Entropy (8bit):5.00382687503915
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:805DB5205640B2671FAF2BAE5B5C76EF
                                    SHA1:6038945E16BA88A3AF4AA79357A429E42EDD4FE4
                                    SHA-256:88EAF28743351F3225EA5E0250C5F2926D854042C21DA0DFBA900D175D6C12B1
                                    SHA-512:54C2B004824A85BC6F68240131EB0676F4295B253CAC3013B4F1C81F3F22FB04C23C8DF4B54577B8C6E637A660724D8409E4690DCF200714303704CA28924FC9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/PersonalSettings/style.css?v=1725262674
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):89405
                                    Entropy (8bit):5.6205780117027055
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:1F7692F5A531663A5821CE01296A07A2
                                    SHA1:206B5A8E736CB8DE35D7591E51887E27CF003C95
                                    SHA-256:B06246B4AF5ABB0C307647A3CECB8AC7C83D971268A85996EEFF33A3FF3ED446
                                    SHA-512:736A9D1F23CEDC449695807C281E230851EB920F225818F7BD94132BE4E1F0370167FD1910A4EEAACEFA32F302303F0F938F32EE7BA74DE27BA41652E9FA2944
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/sds/dist/dsm.common.bundle.js?v=1711103609
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (6389)
                                    Category:downloaded
                                    Size (bytes):32063
                                    Entropy (8bit):5.078618357173717
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:50E07A97C6E8895FB606692CAB8070C0
                                    SHA1:E12C427F6B81B2D1B40FBDCC983C460E812AFEAB
                                    SHA-256:7D31FC697C6492FB622A39C7C241FB3D0E6152C30DD1EF5A560CE792DF4B7D1B
                                    SHA-512:538BE306BF3BE38C1BF289A97F44EB296533C6E6904DA78A17AF9401CBC9C65FDDCD371D663563B23300C47D7F267ED709DA501C9B566C04DA13EF28DC70D14C
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/HelpBrowser/style.css?v=1725262674
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (2259)
                                    Category:downloaded
                                    Size (bytes):2260
                                    Entropy (8bit):4.8813251070855035
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4503F50D1E3093DAA22E2409582E43DB
                                    SHA1:CBC45F3C1EF24835F863BF0A9BDB5E1C7ABEB0A1
                                    SHA-256:66F90A16B9BF1D883E9DB43AC697F36FEC755488D61BBB43E8D9B5644C3BFB9D
                                    SHA-512:20D5832F430F2DF69C31B0217D0501436AEA1673455D3ACFA8A25C298F10609C74EBC4CA4AB2A06A0437F395CC8E0927A03DF2953895C19E7FD1E7C45ADC44A0
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/OAuthService/style.css?v=1678783966
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (49107)
                                    Category:dropped
                                    Size (bytes):117885
                                    Entropy (8bit):5.372781135606154
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:7A0077C97D3D700FFAA523CD4AD9E475
                                    SHA1:B33255A838CE3AA1ADA3227F6BC02CAB60812D25
                                    SHA-256:5E6E7F0A29583FCC5440EDB0AC41396E2793EDA8710723E6151AB11C8D9C00A5
                                    SHA-512:D435428BC252A9997E666B9B410BA2DA65CEE1E6B3C57529A68098BEB60AAB3F23F962EE61AB0ADA73C3BA8DED85D747F0D2D1EFB26BA15EB98D16D1BE70E8DE
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:JSON data
                                    Category:dropped
                                    Size (bytes):126
                                    Entropy (8bit):4.563079506303994
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:32C5B6B98BA436A0E8DDA0E09570178A
                                    SHA1:CA942485529BF4009F971A5C8EB4CAED6D16901D
                                    SHA-256:B7DB0B7F2D1CA12ED794044F56C6369BFCE0DDF15809BB0C2B5BE9AAD32FCE29
                                    SHA-512:38A5EFA67C2F9688DB2508C84FF27A1491ED675662657279C38897E0DAB590D99BC315E62BA2F2C6F81191FE8420D73F3EB7B9825360DEC96DB78BC57F5D4F96
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:{. "boot_done" : true,. "disk_hibernation" : false,. "ezid" : "e6c1404d21e1afee1921b024d8b7bc8a",. "success" : true.}.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):132113
                                    Entropy (8bit):5.031794526477232
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:F3B6A07FA7AA0171B28EE7DB87528B10
                                    SHA1:BDA4A85E3C7CA8AF95A95359C1EB7C1791176B4F
                                    SHA-256:C053487A36B19F80BC361391D393630F95A78C3E91920B3FCF7203BEA82628B9
                                    SHA-512:870F291065DB7766F5D7BF52646458AC469130860654C561CC2F3B403263B9E4950000FC8BD17739B03D39FDD658A1C716C1697CCBEB784E76374A2C917E8EE4
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/AdminCenter/style.css?v=1716892618
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (4023)
                                    Category:downloaded
                                    Size (bytes):4024
                                    Entropy (8bit):5.104298715207356
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:DE46B2EE222A046AB66D19359F8DC612
                                    SHA1:A2120B7AC271E747DE9C87C57009444918411F83
                                    SHA-256:7FF4D9769842F22B2A2A6C0EC81AA591C3B83F3ACFAE021B3262423761879475
                                    SHA-512:BEDD25BD645194B135B47993B01AC477ACDECCBB4A4686BE01559910F2E4E22A8E196595F2B662D0B4D06FA3032386F9EE7EB9333CA1A9EDF3432B3071A562E3
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/OTPWizard/style.css?v=1725262674
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 4 x 44, 8-bit/color RGBA, non-interlaced
                                    Category:dropped
                                    Size (bytes):157
                                    Entropy (8bit):5.884717655193858
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:898576D35106868C83376B0DB03D13A7
                                    SHA1:8CD2730C7879C60A64AD0BED8523C4BBD0277D17
                                    SHA-256:796D8F69BCF431D76DC21194A3B0510441C9255CDF383721BD15F901FFAE8D14
                                    SHA-512:5B4D2FE20CC53A25FDA267729EB047C015544508D52FD4F9D09F2DBD758AB457286B615B8A92A04CE32028BD58A0B112280F6CE14D301692F9EBA1D93F933AAE
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                    Category:dropped
                                    Size (bytes):1045
                                    Entropy (8bit):7.220835113784768
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:6A83D9FE2DB8A88BE12530F0E99246D9
                                    SHA1:93A491FDF8F9A974057130964BAC1FD26CBCAFCF
                                    SHA-256:8E9C1F2B63DED89F8F7B9EDAD5DB1E5A2AB4E8FCF1FD33F747CA0B31CDE17F1D
                                    SHA-512:CFD15F811B988C4997F6CD94F9140049C09025511FC0A80055B2903D1668A58E0E9133E967C0698F891CF9D83041A1BAE18014B994EB4AD92312A27975B4EFF6
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (65453)
                                    Category:downloaded
                                    Size (bytes):1261180
                                    Entropy (8bit):5.5933053886083055
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E7E6EA350FE4E6ED3B767F0BA57C315E
                                    SHA1:07641FD3B722CCCD16217AEEDE840EA456B787A3
                                    SHA-256:012972A177B452A86771DCE43FFC8F22C4F9F4E411D5F2560417407177A4C9DA
                                    SHA-512:C00C0B0A16C3952B48370D2F36D91B26B56220BFAC25069CFCC317048152F579612F676EBB50C24FBCC547CB91837E3B39C8CCF108E6CB46289F34EBA3BABB7F
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/scripts/syno-vue-components/syno-vue-components.min.js?v=1710467838
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (6336)
                                    Category:downloaded
                                    Size (bytes):6337
                                    Entropy (8bit):5.26257196833408
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:D254ED3ED29F46A20689EA2DABC92F10
                                    SHA1:04AA1815CBB6E484D995E2DB2484C0FF4CED0AEB
                                    SHA-256:0D6EC90C92519358E7D956468A95CA496823380C6115FC1DACF96D2710D8054A
                                    SHA-512:22FEFA8EA540030E5CC1DB4F958021DE1809E15AB0AB87069B4AC2616F4719E02A7E42DFBB0A39641279B2694550AE93CAAC65F5B2B8841C8AECEAF140E90708
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/HybridShare/style.css?v=1720441408
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (4249)
                                    Category:downloaded
                                    Size (bytes):4250
                                    Entropy (8bit):4.703086641039117
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:7C0A9151A5B1AB30BD63276A9EDFEFF2
                                    SHA1:E19BFE93535AF129F952068967B754CBED4344BD
                                    SHA-256:C307F80C80055A89608728141DAD95B43304C8B88B1B474C510938615E2761FA
                                    SHA-512:6C5550AF7591358BD701DC99EA471BED55466ED22A4544BF6551B48FABBBA5C2ED9E1B8F2F0F7736857E12499203475B57A636D11D1FF2D2DCE27E979B0950EC
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/SMBService/style.css?v=1728369688
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (6531)
                                    Category:downloaded
                                    Size (bytes):23826
                                    Entropy (8bit):5.0570773604987735
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C5EA3D4601AEF9A6572E005CFA1036A9
                                    SHA1:92EB8CF0DEDA49EBAAA7206CCD240499AD159C2D
                                    SHA-256:41E0F67DE83050D4E1BF6A15FAAA7DB34239CFF6B0E8097342780EBC2744CEBB
                                    SHA-512:F7F72446B9AB34B834FECB6FA9FC8671994472076EE258EF2EE20A451DB6377F46D24EC13B87D53740DB02B430C6BCC4A4B554431B2E83F18704D0A8F74C60CD
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/desktop/dist/style.css?v=1711103609
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text
                                    Category:downloaded
                                    Size (bytes):51
                                    Entropy (8bit):4.201960274134418
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9A7D51830B4EDCE368203443665B5A37
                                    SHA1:970791F441B15B985A061F2C432C7648F45C5542
                                    SHA-256:03CC706DCFE8FCC7DAE06EB3CC60CCEE8A851938E1FB7EA6D56A6A25EDBFE1CD
                                    SHA-512:2F16B0A5F9B18F66314DE616631E91E51305586BA3FD65F0DE921FCFBF8804AC8B04295142440DD96FC1AE3E7931A859A34FD1C010A377495247B79DA414FF27
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/webman/3rdparty/FileBrowser/custom_template.css?v=1730992945
                                    Preview:.syno-sds-sharing-login-dialog {..display: none;.}.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text
                                    Category:downloaded
                                    Size (bytes):256
                                    Entropy (8bit):5.254540223681366
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:35ACC900FE0002C8660E9F986702221C
                                    SHA1:64D1C8E9935835BF98E09FA75F630F593E1B0307
                                    SHA-256:E85FAF7B85C61465AA687C868E65D1B83E75AE86C154E43679D8E70E020B0DAE
                                    SHA-512:A076C80D0D85CF09656AECFABEE60A3F83ADB46278E117F3DFA760109ACCA04BBDAAA63AE5579C2EB7085B4BA3637C19C8CEB538DA4203A585BF8FA4E0A94CE0
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/SupportService/style.css?v=1727779989
                                    Preview:._2RZnChTeu9Se141LwjhW8Q{padding:8px 8px;margin-bottom:12px}._2RZnChTeu9Se141LwjhW8Q .v-fieldset-title-wrapper .v-fieldset-title{margin-left:-6px}.d4fhZyGWK3DFdjosaoaPe{line-height:20px;margin-left:0px;margin-bottom:6px;padding-top:4px;padding-bottom:4px}.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):70805
                                    Entropy (8bit):5.064397349532012
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E29D6E14CCD20C84C48A284D34AAF551
                                    SHA1:933948D05428EE308BB857C69575D410E4D1A17D
                                    SHA-256:85B1F4A5CD3508D38A9016838E170D94C948287726C6A487BB3A70EEC01280A9
                                    SHA-512:DB3F4544EA028D8A56E3AD2061525EAD5028D7CD1F30D83A14DE970D1D6F0C99A50452A672A86EDD08A16AAA9592404558FD7AAB38F066D00780E3D328FF3293
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/ScsiTarget/style.css?v=1692098608
                                    Preview:.syno-app-iscsi .syno-ux-expandable-listview .item-title-status{font-family:Verdana,Arial,sans-serif}.syno-app-iscsi .syno-ux-expandable-listview .item-title-status:lang(zh-TW){font-family:Verdana,Arial,Microsoft JhengHei,sans-serif}.syno-app-iscsi .syno-ux-expandable-listview .item-title-status:lang(zh-CN){font-family:Verdana,Arial,Microsoft YaHei,sans-serif}.syno-app-iscsi .syno-ux-expandable-listview .item-title-status:lang(ja){font-family:Verdana,Arial,Meiryo,sans-serif}.syno-app-iscsi .iscsi-overview-status-panel .iscsi-overview-statusbox-block .iscsi-overview-statusbox .statusbox-box .statusbox-title h3,.syno-app-iscsi .iscsi-overview-status-panel .iscsi-overview-statusbox-block .iscsi-overview-statusbox .statusbox-box .statusbox-title-right h3,.syno-app-iscsi .iscsi-overview-health-panel .health-text-block .iscsi-overview-health-title-block .health-text-title,.syno-app-iscsi .iscsi-overview-detail .syno-ux-expandable-listview .item-wrap .item-summary .item-title,.syno-app-iscsi
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (11175)
                                    Category:downloaded
                                    Size (bytes):11176
                                    Entropy (8bit):5.031578846986128
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0C44952E305BF46C149C3F2D972B533F
                                    SHA1:B51F765064F30322AB35C47F3D654B55568006CA
                                    SHA-256:791C7E203E989AEE3D7EF94FAFCF909F87EBC4872DA8991BD294AA68F6C81C2E
                                    SHA-512:DA3316EA5F95BBF7AE468C8F6B2A75C54A68CAB08D124C2DA665149D2630CFDA0F24075C508888C2BE19EC68BCA97DE335036E6122F4D37E733E5BCFA6B58E85
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/SynologyApplicationService/style.css?v=1729048583
                                    Preview:.sas-email-account-wizard .email-provider-template .email-provider-custom{color:#057FEB}.sas-mail-form .syno-mail-default-use{background-image:url("images/1x/icon_success.png?v=7a6b1333522ccd0cd0dc2e33efe61cef");background-repeat:no-repeat;background-position:15% center}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .sas-mail-form .syno-mail-default-use{background-image:url("images/2x/icon_success.png?v=5d21376a4b8f95536b1d51897297c5a0");background-size:24px 24px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .sas-mail-form .syno-mail-default-use{background-image:url("images/2x/icon_success.png?v=5d21376a4b8f95536b1d51897297c5a0");background-size:24px 24px;outline:1px green dashed}}.sas-mail-dialog .mail-dialog-superboxselect .syno-ux-superboxselect{max-height:60px;overflow-y:auto !important}.sas-mail-dialog .mail-dialog-superboxselect .s
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (40386)
                                    Category:downloaded
                                    Size (bytes):40387
                                    Entropy (8bit):4.984849077468279
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:AF352F5177D4A9522E9717FD51C9CCEC
                                    SHA1:5146D4E9F3FE59754137F6E7D147487CE05ADE58
                                    SHA-256:75104325A104B08A6AD72130EF3BCCCEDCD584612AADDBDF103A19B893F5DB64
                                    SHA-512:23DEE02E5E988EDBA9FEF3B969DC67B4441A365300609985C4F65503D701DDDFF7ECE40F8D7FEEA182FA577623D5CD38E80E96847D1C9B74BC9F043B4D5C9B2E
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/SynologyDrive-ShareSync/style.css?v=1723720850
                                    Preview:.syno-sdss .syno-extended-tree-node .syno-tree-node-cb{vertical-align:top;margin-top:4px;margin-right:4px}.syno-sdss .syno-extended-tree-node .syno-tree-node-music{background-image:url("images/1x/treenode_music.png");background-position:0 0 !important}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-sdss .syno-extended-tree-node .syno-tree-node-music{background-image:url("images/2x/treenode_music.png");background-size:16px 16px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-sdss .syno-extended-tree-node .syno-tree-node-music{background-image:url("images/2x/treenode_music.png");background-size:16px 16px;outline:1px red dashed}}.syno-sdss .syno-extended-tree-node .syno-tree-node-video{background-image:url("images/1x/treenode_video.png");background-position:0 0 !important}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):156759
                                    Entropy (8bit):5.072975587262972
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E844FE25BA5CC733A74DCC3CE693CBE8
                                    SHA1:FA7F5D06C95C11D451EB780599E019BDD487D300
                                    SHA-256:238DD91F136A07A7195B769E2D365C9F914F00D42A9680A0E03591D31BC520DB
                                    SHA-512:D8FD637EB68ED47FC18C6D1BC9CA41AA1CE3EF17900959F32D8ED354CE4D917999C86E97393C52A2F447A3495891EEFF3EDD4DED5EB060233E4784795ADA27D9
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/AudioStation/style.css?v=1712644107
                                    Preview:.syno-as-win .x-window-tl,.syno-as-dialog .x-window-tl{border-top-color:#00BEAE}.syno-as-win .x-panel-noborder .x-panel-tbar-noborder .x-toolbar,.syno-as-dialog .x-panel-noborder .x-panel-tbar-noborder .x-toolbar{border-bottom:none}.syno-as-win .syno-as-toolbar.syno-as-search-result-toolbar.x-toolbar,.syno-as-dialog .syno-as-toolbar.syno-as-search-result-toolbar.x-toolbar{padding:0 20px 20px 20px}.syno-as-win.syno-as-sharing-win .x-window-tl{background-image:none;background-color:#00BEAE;border-top:none}.syno-as-win.syno-as-sharing-win .x-window-header-text{color:#fff;font-size:18px}.syno-as-win.syno-as-sharing-win .x-window-header{height:50px}.syno-as-win.syno-as-sharing-win .x-tool{background-image:none;width:30px;height:30px}.syno-as-win.syno-as-sharing-win .x-tool .syno-ux-button.x-btn{width:28px;height:28px;border:none;background-color:transparent;background-image:none}.syno-as-win.syno-as-sharing-win .x-tool .syno-ux-button.x-btn.x-btn-pressed{background-color:rgba(0,0,0,0.25)}.s
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, Unicode text, UTF-8 text, with very long lines (9940), with no line terminators
                                    Category:dropped
                                    Size (bytes):9960
                                    Entropy (8bit):5.001791022541553
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:65A02C1F4F4E3239C29AF027A270FD01
                                    SHA1:9DC91254DB6C13B8D9448251905621A48793CC11
                                    SHA-256:CAC5C055F287C2A0DFBD7B159B80C50AE4CD863B4F794F3463A29D5276B2D088
                                    SHA-512:7761CE7C3695CF45B7491DBA5378582EEE3246CD447BFCF1FD4595458A0EBD64BDB281D15B368F9850550921BAD2EA96BC63DA460BF614A8864AC8B0246606A7
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:<!doctype html> <html> <head> <script>window.dataLayer=window.dataLayer||[]</script> <meta http-equiv=Content-Type content="text/html; charset=UTF-8"/> <title>Unable to connect QuickConnect.</title> <link rel="shortcut icon" type=image/x-icon href=data:image/x-icon;base64,
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (9458)
                                    Category:downloaded
                                    Size (bytes):9552
                                    Entropy (8bit):4.866177601732052
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9072D94F3A9146808B42C6B3E151941E
                                    SHA1:0C63E21EEA0AE0CCC575CAB6E6F8B5442CD2E099
                                    SHA-256:067F9816593E102DAE20D795D1D903D1743EF4FBC00B90F9FA38E20DDEAFF5A4
                                    SHA-512:5F2E687B64FD4B321F3A30AD98DFB11A587BAD463FEC16249C62ABCA2BB89DCA763804E133F98236D5FEEAFCBD6582F9ED0FDC89E648CD98D9BF50D6DD96661E
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webapi/entry.cgi?api=SYNO.Core.Desktop.JSUIString&version=1&method=getjs&lang=enu&v=72806-s0
                                    Preview:SYNOJSLIB_Strings={"common":{"clean":"Clear","clear_input":"Clear input","commit":"Apply","disabled":"Disabled","error_system":"Unable to perform this operation. Please sign in to DSM and try again.","loading":"Loading...","reset":"Reset","setting_applied":"Changes applied.","size_byte":"Bytes","size_gb":"GB","size_kb":"KB","size_mb":"MB","size_pb":"PB","size_tb":"TB"},"extlang":{"afterPageText":"of {0}","afterdate":"The date in this field must be {0} or later","aftertime":"The time in this field must be later than {0}","alphaText":"This field should only contain letters and underscore (_).","alphanumText":"This field should only contain letters, numbers, and underscore (_).","apr":"April","aug":"August","beforePageText":"Page","beforedate":"The date in this field must be {0} or earlier","beforetime":"The time in this field must be earlier than {0}","cancel":"Cancel","closeText":"Close this tab","columnsText":"Columns","date_format":"Y/M/D","ddText":"{0} selected row(s)","dec":"Decembe
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text
                                    Category:downloaded
                                    Size (bytes):96
                                    Entropy (8bit):4.50150370719232
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:FA9846E765C808B96C1DFE5F6E78075A
                                    SHA1:345E3B2D220183210917DC169AC01489194A910D
                                    SHA-256:DAB3917DB85ECE2614E82B4FD0726FB6CA2F572203968B9B98A802AE5A13974C
                                    SHA-512:B55CCB934473A9B9C0F8BDB9BF17E7C6AADFB82D8BA4EC90FA852778A0648BCB46FDB640F2284BBA38C54C5AA45F19DD3DCA2BD61785D168D38D982B61BE014C
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/EnableNewUpdateSetting/style.css?v=1711103609
                                    Preview:.radio[data-v-4a04a340]{margin-bottom:6px}.radio[data-v-4a04a340]:last-child{margin-bottom:0px}.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (6172)
                                    Category:downloaded
                                    Size (bytes):6173
                                    Entropy (8bit):4.955774315686783
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C96C3B2B4336DF88C755D000B0302C36
                                    SHA1:8C41FBEDD7660A2BEC0DFEDF982DDE0484046A3C
                                    SHA-256:2EF68D45808D01D7258ACDA2BAD618C19DADC5D6656F4EDC571C8E9EE3DE65B2
                                    SHA-512:F4B15160F79BD38F8CCCDA5A8E4DE58084954A1FFF6F6F8DB87D08630FB5835D4B4D095F5BB5A13A3B58222599F20BFD689DFF9B239E6C2CE8F426D8A95416FA
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/HotkeyManager/style.css?v=1711103609
                                    Preview:.hotkey-manager.sds-window-v5 .x-form-item-label .key,.syno-ux-tab-panel .syno-hotkeymap-grid.syno-ux-gridpanel .x-grid3 .x-grid3-row .x-grid3-cell .x-grid3-cell-inner .key{font-weight:700}.hotkey-manager.sds-window-v5 .x-form-item-label .key,.hotkey-manager.sds-window-v5 .x-tab-panel.syno-ux-tab-panel .x-tab-strip-active .x-tab-strip-text,.hotkey-manager.sds-window-v5 .x-tab-panel.syno-ux-tab-panel .x-tab-strip-active .x-tab-strip-text:hover,.hotkey-manager.sds-window-v5 .syno-ux-fieldset .x-fieldset-header .x-fieldset-header-text,.syno-ux-tab-panel .syno-hotkeymap-grid.syno-ux-gridpanel .x-grid3 .x-grid3-row .x-grid3-cell .x-grid3-cell-inner .key{color:#057FEB}.hotkey-manager.sds-window-v5 .x-form-item-label.syno-ux-item-label,.hotkey-manager.sds-window-v5 .x-form-display-field.syno-ux-displayfield,.hotkey-manager.sds-window-v5 .syno-ux-form-check-wrap .syno-ux-checkbox-label,.syno-ux-tab-panel .syno-hotkeymap-grid.syno-ux-gridpanel .x-grid3 .x-grid3-row .x-grid3-cell .x-grid3-cell-i
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                    Category:downloaded
                                    Size (bytes):1099
                                    Entropy (8bit):7.754555776489704
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3ACBEF1D83AC34F19A2631D6C1A4AC57
                                    SHA1:AD6388080FCDEF67F4ADF57DFD43B5BD5A888EBF
                                    SHA-256:1B135BC02A4CC3650A1F783CB4773FDDAF7731425C2478F85331885EA1AD1F11
                                    SHA-512:D24C0CB37725D5D4DB4A3DB4E096F4EA2500EDDBC67EFDDC79380A6D856A56C054CDD4C49A68ABFD1947E538287B8D521A249DFAFED0B02D8F497E0FA6AFFB6C
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/favicon.ico?v=40438
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (5598)
                                    Category:downloaded
                                    Size (bytes):5599
                                    Entropy (8bit):5.154031968244918
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:25D2106B282D17739BF264ACD842D5B7
                                    SHA1:69F05AF42BA61C590036791E17C4643D52F04FD4
                                    SHA-256:AA6B9DE6FFEB4B8B98A50986FBD6D33558D72E8763B771A0E60A7CB8967FC5EA
                                    SHA-512:51DDF750DDC23C837227B44D122E5A84394CABFC51FBD75853657F795AB2686FCF366B1FAA9259D9CA522D1F4CE648BA8D612487BA658A1A62B899CFFA3EE5BE
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/ExternalDevices/style.css?v=1711103609
                                    Preview:.sds-eject-device-panel .title{font-weight:400}.sds-eject-device-panel{padding:0 0 8px 0}.sds-eject-device-panel .x-panel-header{height:24px;padding-top:6px;padding-bottom:6px;border-bottom:1px solid rgba(198,212,224,0.7)}.sds-eject-device-panel .item{border:0;border-bottom:1px solid rgba(198,212,224,0.4);margin:0 8px 0 8px;height:48px;padding-top:8px}.sds-eject-device-panel .item:hover{background:rgba(5,127,235,0.04)}.sds-eject-device-panel .item.x-view-selected{background:rgba(5,127,235,0.1)}.sds-eject-device-panel .title{margin:0px 0px 0px 48px;vertical-align:top;font-size:13px;line-height:20px;color:#414b55;background-repeat:no-repeat}.sds-eject-device-panel .msg{margin-left:48px;height:20px;font-size:13px;line-height:20px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;padding-bottom:10px;color:rgba(65,75,85,0.6)}.sds-eject-device-panel .x-btn-ml,.sds-eject-device-panel .x-btn-mc,.sds-eject-device-panel .x-btn-mr{background:none}.sds-external-device-icon{margin-left:8px;
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65362)
                                    Category:dropped
                                    Size (bytes):107482
                                    Entropy (8bit):5.223752984018099
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:7E43A7AAF7D3DC06A04BFC0DA96AAB31
                                    SHA1:F5A18CEA328B5D70C67331789C64B41E56519605
                                    SHA-256:6A347C66A2C2C3E43F3C7B12C7AF83295DF9EB88BBC338DF782C3B5FFA078579
                                    SHA-512:C1DCE4B0DD1C712DD65C3BD37B906644ABAD35190FA7DB5FCAD35A7BD5FEE387EA6D2DB9B8440181D95A3C2836253773FD1A147BCAD8FBDA872EB798FCDBFB1B
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:/*!. * Vue.js v2.7.14. * (c) 2014-2024 Evan You. * Released under the MIT License.. */./*!. * Vue.js v2.7.14. * (c) 2014-2024 Evan You. * Released under the MIT License.. */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).Vue=e()}(this,(function(){"use strict";var t=Object.freeze({}),e=Array.isArray;function n(t){return null==t}function r(t){return null!=t}function o(t){return!0===t}function i(t){return"string"==typeof t||"number"==typeof t||"symbol"==typeof t||"boolean"==typeof t}function a(t){return"function"==typeof t}function s(t){return null!==t&&"object"==typeof t}var c=Object.prototype.toString;function u(t){return"[object Object]"===c.call(t)}function l(t){var e=parseFloat(String(t));return e>=0&&Math.floor(e)===e&&isFinite(t)}function f(t){return r(t)&&"function"==typeof t.then&&"function"==typeof t.catch}function d(t){return null==t?"":A
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (32476)
                                    Category:downloaded
                                    Size (bytes):32663
                                    Entropy (8bit):5.513627745207857
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:EAB213C29D7ECF3CF2099182CB828B61
                                    SHA1:F5A3E1E6A51D5430CF47798A41930B45536F7695
                                    SHA-256:563D0FA30EEC88EED7B390E227877CFBA3806CDDE97A3F6F1E011798D728DD2C
                                    SHA-512:4F4A04F85996D888BB50EACA53BA2A6ED23E959185EDDE7BBCD37E6FCE0DF0E3E499537419609BDCF70343DC3EF53166EC7AF08D69BE0342E9BBA2E9EB6DBE22
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/scripts/ext-3.4/adapter/ext/ext-base.js?v=1730992945
                                    Preview:/* Copyright (c) 2024 Synology Inc. All rights reserved. */../*. * Ext JS Library 3.4.0. * Copyright(c) 2006-2011 Sencha Inc.. * licensing@sencha.com. * http://www.sencha.com/license. */.window.undefined=window.undefined;Ext={version:"3.4.1",versionDetail:{major:3,minor:4,patch:1}};Ext.apply=function(d,e,b){if(b){Ext.apply(d,b)}if(d&&e&&typeof e=="object"){for(var a in e){d[a]=e[a]}}return d};(function(){var i=0,f=Object.prototype.toString,F=navigator.userAgent.toLowerCase(),q=function(e){return e.test(F)},w=document,s=w.documentMode,x=w.compatMode=="CSS1Compat",E=(q(/edge/)),a=q(/opera/),P=!E&&q(/\bchrome\b/),G=!E&&q(/webkit/),d=!(P||E)&&q(/safari/),N=d&&q(/applewebkit\/4/),L=d&&q(/version\/3/),J=d&&q(/version\/4/),I=d&&q(/version\/5/),l=!a&&q(/msie/),C=(q(/trident\/7/)),h=C,g=(q(/edge\/(\d+)./)),k=l&&(q(/msie 10/)||q(/trident\/6/)),D=l&&(q(/trident\/6/)),A=D&&(q(/touch;/)),K=l&&q(/trident\/5/),M=l&&!K&&!k&&!h&&q(/trident/),O=l&&!M&&!K&&!k&&!h&&q(/msie 7/),R=l&&!O&&!M&&!K&&!k&&!h&&q(/
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text
                                    Category:downloaded
                                    Size (bytes):229
                                    Entropy (8bit):4.540476953104065
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:FCBBF79DE20ADD92F8AE18F3334D7A1A
                                    SHA1:DFBAF9292DE50CD9F1A9C47BA958FE621991FE03
                                    SHA-256:24F35AA45D1E3C9735E557498699412E082810A614E730DE629919125A33D116
                                    SHA-512:E09E01D8F17D80D7BF219656D7C216A88C827B333C4F5F85364920D78FEAB2DEC92859DE6A86A3387FFC03ACA357E34C97B217E7CADCB11FF3F9CE2FE12682B0
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/SharingManager/style.css?v=1725262674
                                    Preview:.syno-sharing-manager-edit-sharing-dialog .syno-ux-formpanel-has-fieldset form.x-form .x-form-item{margin:0}.syno-sharing-manager-edit-sharing-dialog .syno-ux-formpanel .syno-ux-fieldset .x-fieldset-bwrap{padding:8px 0 8px 32px}.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (11598)
                                    Category:downloaded
                                    Size (bytes):11599
                                    Entropy (8bit):4.993062735082349
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9506BEE13110C764B48935B3F2B03B8D
                                    SHA1:E1733D7C322C343688EFD3CDA06C120265CD0516
                                    SHA-256:5347AF83F8CBAE1D2DA43A67E788AE5CC67D1B64F60244810A23158A3DCF9D7D
                                    SHA-512:545019E065EBF648E5D788DBB51CC86658D4547F89C96AD77C90AA39F6F34D612508B2BCC327B361F08986A914AB3429D6717C13A79AED79AC589956E549805E
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/BackgroundTaskMonitor/style.css?v=1725262674
                                    Preview:.sds-filemonitor-tray-panel .syno-percentage-text .percentage-cmp-size{font-family:Verdana,Arial,sans-serif}.sds-filemonitor-tray-panel .syno-percentage-text .percentage-cmp-size:lang(zh-TW){font-family:Verdana,Arial,Microsoft JhengHei,sans-serif}.sds-filemonitor-tray-panel .syno-percentage-text .percentage-cmp-size:lang(zh-CN){font-family:Verdana,Arial,Microsoft YaHei,sans-serif}.sds-filemonitor-tray-panel .syno-percentage-text .percentage-cmp-size:lang(ja){font-family:Verdana,Arial,Meiryo,sans-serif}.sds-filemonitor-gridpanel .progress-text,.sds-filemonitor-gridpanel .filemonitor-bkmonitor-grid .sds-ux-progressbar.syno-percentage-cmp .extra-info,.sds-filemonitor-tray-panel .x-panel-header .x-panel-header-text{font-weight:700}.sds-filemonitor-tray-panel .sds-filemonitor-tray-action-text,.sds-filemonitor-tray-panel .syno-percentage-text .percentage-cmp-value{font-weight:400}.sds-filemonitor-gridpanel .sds-ux-progressbar.syno-percentage-cmp{padding-top:6px}.sds-filemonitor-gridpanel .sd
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (719)
                                    Category:downloaded
                                    Size (bytes):1312
                                    Entropy (8bit):5.05845094325385
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:18C5A2D6C8823ED50598E7404AB8BBEB
                                    SHA1:D4C1BEA9E9D38F26E7C5BB223E5B43F95A393260
                                    SHA-256:CA9076B72A948C6BB8F0DE06400943FEFED647A4CDA4C615E0657261523C1CDC
                                    SHA-512:8A4AEA258014E8CD8A7939F9E8E6A62D92806A38E57A6382695794359CD06E3DAB3300BE3EB03BB9798C528A977B5575D347879E4751840B60D0E18CB875EA95
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/UpdateMaskApp/style.css?v=1711103609
                                    Preview:.upgrading-display .upgrading-title[data-v-0d22e1f6]{font-weight:700}.upgrading-display[data-v-0d22e1f6]{width:1024px;height:580px;box-sizing:border-box;padding:192px 212px 0px 212px;display:flex;flex-direction:column;align-items:center;background-color:#fff;box-shadow:0 4px 20px 0 rgba(0,0,0,.5);border-radius:4px}.upgrading-display .loading-icon[data-v-0d22e1f6]{margin:0 0 40px}.upgrading-display .upgrading-title[data-v-0d22e1f6]{margin-bottom:10px;font-size:22px;line-height:36px;text-align:center}.upgrading-display .upgrading-desc[data-v-0d22e1f6]{line-height:20px;text-align:center}..update-mask-app-window[data-v-e95e06e8] .v-window-header-wrapper{display:none}.update-mask-app-window[data-v-e95e06e8] .v-window-body{position:absolute;width:100%;height:100%;background-color:#2b67d6;overflow:auto}.update-mask-app-window .upgrading-display-layer[data-v-e95e06e8]{position:absolute;width:100%;height:100%;min-width:1024px;min-height:628px;display:flex;align-items:center;justify-content:ce
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (26150)
                                    Category:downloaded
                                    Size (bytes):26151
                                    Entropy (8bit):5.332629800209427
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:893EF06447CBC9D8F345B917DD099995
                                    SHA1:C0BC2D1BFFBA70F6861622BFFD68E19A795FFFE1
                                    SHA-256:B527B09A2363BC83E9251B691FE60F2A23D32E2A2D08E5C9C31A583396DD7838
                                    SHA-512:6924F4DADB61B7DEBE29C0F6A36A40A0ACF661D0E901ED7F4A80871A8D3EEDD20B108196DA6B13A471567B05459F045003EEABDE0DD68CC09D16D7CFE6D7371F
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/PhotoViewer/style.css?v=1725262674
                                    Preview:.syno_photo_viewer .x-window-body{background:#202020;border-bottom:0 none}.syno_photo_viewer .loading-indicator{width:16px;height:16px;background:transparent url(images/1x/loading.gif) no-repeat center center}.syno_photo_viewer .image-container{position:absolute;max-width:100%;max-height:100%}.syno_photo_viewer .error-list-container{background-color:#202020;background-size:100% 100%;background-repeat:no-repeat;background-position:center center;background-image:url("images/1x/no_list_thumbnail.png?v=7f1bd91d624eddac3482fa8d9047e6b8")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno_photo_viewer .error-list-container{background-image:url("images/2x/no_list_thumbnail.png?v=0526e59b031434bed23331b3b484603d");background-size:120px 120px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno_photo_viewer .error-list-container{background-image
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Web Open Font Format (Version 2), TrueType, length 37780, version 1.0
                                    Category:downloaded
                                    Size (bytes):37780
                                    Entropy (8bit):7.992323824807917
                                    Encrypted:true
                                    SSDEEP:
                                    MD5:E09CA52560D42E4626656B4FC70D970B
                                    SHA1:8EBC2396198A586A15352044DD1AA962018970E1
                                    SHA-256:ACDC8F60059CBF557957869F544DCE756689A499C506856522204B3EA06BE8C7
                                    SHA-512:42C6E7292562BA4760BB799C66BE6C9B511592763923EE43ADD5D1B9C261E6D70B5A6777AC0A81BC72261BAE91006F36DB9AED8C9C8040F57CB52E8863D72D5C
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://synostatic.synology.com/font/inter/inter-w400-7.woff2
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65475)
                                    Category:downloaded
                                    Size (bytes):834527
                                    Entropy (8bit):5.301408348421376
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:177C8C2B77B3D215F23700837868627F
                                    SHA1:B5C897627CDBA8FC42029277FE16E021D293BB2C
                                    SHA-256:BCD8B660F2CE05D3941AB5B25594D620C1D206B18E7F93849E7E87BAC1D49E2B
                                    SHA-512:AB361FE80BB8F663F0730D3AB77100DB12FCD5E08BD82E37235314112124CB88E2173811D12B14906A3FB2E83FAD0DEC50FDEC3E9B70FB756EEF6060A94157CB
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/scripts/ext-3.4/ext-all.js?v=1730992945
                                    Preview:/* Copyright (c) 2024 Synology Inc. All rights reserved. */..(function(){var h=Ext.util,j=Ext.each,g=true,i=false;Ext.isDebug=Ext.urlDecode(location.search.substr(1)).jsDebug;Ext.isE2ETest=Ext.urlDecode(location.search.substr(1)).e2e;h.Observable=function(){var k=this,l=k.events;if(k.listeners){k.on(k.listeners);delete k.listeners}k.events=l||{}};h.Observable.prototype={filterOptRe:/^(?:scope|delay|buffer|single)$/,fireEvent:function(){var k=Array.prototype.slice.call(arguments,0),m=k[0].toLowerCase(),n=this,l=g,p=n.events[m],s,o,r;if(n.eventsSuspended===g){if(o=n.eventQueue){o.push(k)}}else{if(typeof p=="object"){if(p.bubble){if(p.fire.apply(p,k.slice(1))===i){return i}r=n.getBubbleTarget&&n.getBubbleTarget();if(r&&r.enableBubble){s=r.events[m];if(!s||typeof s!="object"||!s.bubble){r.enableBubble(m)}return r.fireEvent.apply(r,k)}}else{k.shift();l=p.fire.apply(p,k)}}}return l},addListener:function(k,m,l,r){var n=this,q,s,p;if(typeof k=="object"){r=k;for(q in r){s=r[q];if(!n.filterOptRe
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):102345
                                    Entropy (8bit):5.98571456786943
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:75D81F2332F5EE4AEAE18C0519B947B7
                                    SHA1:5072B82D8020081296E53F5E79CE6707B674D7E0
                                    SHA-256:EA054E4033A68CB922C8A99D2DBE7699D82E3F871E5623C376A02081BD22161C
                                    SHA-512:71967DDA719D720F2C6231FE849E0D1D5BDCBA6CF371722107D26544C8CDB4DCA1606C535CA9D11561EB8C0EFD70026BBF6BB341DD1D7BB92EBB1A4E84BFC855
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile.me/7wODs/99hfK37gz
                                    Preview:<!doctype html> <html> <head> <script>window.dataLayer=window.dataLayer||[]</script> <meta http-equiv=Content-Type content="text/html; charset=UTF-8"/> <title>Access via Synology</title> <link rel="shortcut icon" type=image/x-icon href=data:image/x-icon;base64,
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):237014
                                    Entropy (8bit):5.0371757727597535
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E596BE266CBCB5EFB0E50F08070F5C13
                                    SHA1:D9B84CBA583F3F190D7373295F1463475418D302
                                    SHA-256:DBDD743C551C73ABCA981A764C9E95D63BA7B5A17C2223E0E4E51CA911D1ECEB
                                    SHA-512:794E24F1BFE5424A1522D0B58BA332C92A335D1648575FC1E7969105663D05A35C1516CCD25F608047265F958ACB66AB467F5384FF509F54144E391301CECFEE
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/scripts/ext-3/ux/ux-all.css?v=1672898121
                                    Preview:.syno-ux-grid-mask-info div a,.x-window .ext-el-mask-msg.syno-ux-mask-info div a,.x-window .ext-el-mask-msg.syno-ux-grid-mask-info div a,.x-panel .ext-el-mask-msg.syno-ux-mask-info div a,.x-panel .ext-el-mask-msg.syno-ux-grid-mask-info div a,.syno-ux-gridpanel .x-grid-group .x-grid-group-hd div.x-grid-group-title,.syno-ux-editorgridpanel .x-grid-group .x-grid-group-hd div.x-grid-group-title,.syno-ux-fieldset .x-fieldset-bottomlegend,.syno-ux-datefield-menu table.x-date-inner tbody tr td.x-date-selected .x-date-date span,.syno-ux-datefield-menu table.x-date-inner tbody tr td.x-date-selected.x-date-today .x-date-date span,.syno-ux-datefield-menu table.x-date-inner tbody tr td.x-date-today .x-date-date span,.syno-ux-datefield-menu .x-date-mp tr td.x-date-mp-sel a,.syno-ux-datefield-menu .year-btn-ct .syno-ux-button.x-btn em button,.syno-ux-datefield-menu .month-btn-ct .syno-ux-button.x-btn em button,.syno-ux-tab-panel .x-tab-strip-top .x-tab-strip-text,.syno-ux-tab-panel .x-tab-strip-top
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (39583)
                                    Category:downloaded
                                    Size (bytes):113520
                                    Entropy (8bit):5.052398632974853
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:DE07102861022512012CD4BE72FDAD26
                                    SHA1:5379AFEFAEFC5B86037EEE75C6D3A36341280A1F
                                    SHA-256:28B99070CDBC3AF7FBF63406BC0B1FA0E83EB6BD256B7C776F5D73263019319E
                                    SHA-512:191A833DCD4117E4E4FD5512E82F2F177BA2933C58533378AD1989A30A66A227AC481073EDD9DD8DAC663C774E34950A272173E5EA60B1A4462C22993A08FC18
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/WelcomeApp/style.css?v=1711103609
                                    Preview:.udc-main-panel,.welcome-agree-panel,.welcome-agree-panel .agreement-content h1,.welcome-agree-panel .agreement-content ul li{font-family:Verdana,Arial,sans-serif}.udc-main-panel:lang(zh-TW),.welcome-agree-panel:lang(zh-TW),.welcome-agree-panel .agreement-content h1:lang(zh-TW),.welcome-agree-panel .agreement-content ul li:lang(zh-TW){font-family:Verdana,Arial,Microsoft JhengHei,sans-serif}.udc-main-panel:lang(zh-CN),.welcome-agree-panel:lang(zh-CN),.welcome-agree-panel .agreement-content h1:lang(zh-CN),.welcome-agree-panel .agreement-content ul li:lang(zh-CN){font-family:Verdana,Arial,Microsoft YaHei,sans-serif}.udc-main-panel:lang(ja),.welcome-agree-panel:lang(ja),.welcome-agree-panel .agreement-content h1:lang(ja),.welcome-agree-panel .agreement-content ul li:lang(ja){font-family:Verdana,Arial,Meiryo,sans-serif}.syno-udc-win .inner-panel .title,.syno-sds-welcome .welcome-welcome-ct .welcome-title,.syno-sds-welcome .welcome-step-ct .welcome-step-title,.welcome-quickconnect-desc-panel
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):140275
                                    Entropy (8bit):5.429499550577958
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:7669E159807143DFE214DA37B79B4610
                                    SHA1:56DCA58E8881DBAD338D6D12E3BC3D7A16EE6C41
                                    SHA-256:FCD07EB145C89175FA4EB9AAE3A53A2F8157EF388562EE4E6BF0D49A3E5AC1AF
                                    SHA-512:02596B24F8BEEEF97215B7194A070BB5F16FF43B9C375707ADE0ACB060A81A904F8AD0B4E5DCA27552C1A6F6C25FE963DA171FFE5BA8AF44B3E62EC44D0E1FD4
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/synoSDSjslib/dist/sds.bundle.js?v=1715242943
                                    Preview:!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var r=t();for(var o in r)("object"==typeof exports?exports:e)[o]=r[o]}}(window,(function(){return function(e){function t(t){for(var o,i,a=t[0],c=t[1],l=t[2],_=0,d=[];_<a.length;_++)i=a[_],Object.prototype.hasOwnProperty.call(n,i)&&n[i]&&d.push(n[i][0]),n[i]=0;for(o in c)Object.prototype.hasOwnProperty.call(c,o)&&(e[o]=c[o]);for(u&&u(t);d.length;)d.shift()();return s.push.apply(s,l||[]),r()}function r(){for(var e,t=0;t<s.length;t++){for(var r=s[t],o=!0,a=1;a<r.length;a++){var c=r[a];0!==n[c]&&(o=!1)}o&&(s.splice(t--,1),e=i(i.s=r[0]))}return e}var o={},n={2:0},s=[];function i(t){if(o[t])return o[t].exports;var r=o[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.m=e,i.c=o,i.d=function(e,t,r){i.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.to
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (2582)
                                    Category:downloaded
                                    Size (bytes):3656
                                    Entropy (8bit):4.825739947285685
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:1184E6F2180F470C446D5884ED90D1DE
                                    SHA1:FA56A9395AC8302D9C3E0BC0825309F4E3228EE8
                                    SHA-256:5843D540280D88FAE17DADBAACA0941921FB84936C2F40F3363B9D9B416301A0
                                    SHA-512:2C33DCF1556B78EC328A40D1D577F820E6185116507BA2C1A9598ABB9667D5FA024DA88691AC745788EF9C6E2818B120BBCAA2E33D1A8ABBA5B633FFD37BD272
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/DesktopProgress/style.css?v=1725262674
                                    Preview:.number-wrapper .progress-number{font-family:Verdana,Arial,sans-serif}.number-wrapper .progress-number:lang(zh-TW){font-family:Verdana,Arial,Microsoft JhengHei,sans-serif}.number-wrapper .progress-number:lang(zh-CN){font-family:Verdana,Arial,Microsoft YaHei,sans-serif}.number-wrapper .progress-number:lang(ja){font-family:Verdana,Arial,Meiryo,sans-serif}.number-wrapper .progress-percentage{font-weight:400}.number-wrapper{position:absolute;display:flex;flex-direction:row;align-items:flex-end;top:50%;left:50%;transform:translate(-50%, -50%)}.number-wrapper .progress-number{font-weight:300;height:90px;color:#fff;font-size:90px;line-height:90px;text-align:center}.number-wrapper .progress-percentage{height:36px;color:#fff;font-size:20px;line-height:36px;text-align:center}.circle-wrapper{position:absolute;width:100%;height:100%;transform:rotate(-90deg)}.circle-wrapper .circle{stroke:#fff;fill-opacity:0;stroke-linecap:round}.circle-wrapper .background-bar{stroke-width:6;stroke-opacity:.3}.circ
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):40
                                    Entropy (8bit):4.377567157116928
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:DB7B0A8AE727F01124683503F12C339C
                                    SHA1:09C8666DC9AB4E10F0A13266233D1A18AFDA2B90
                                    SHA-256:5D779A78CDAA375B8C11C30A6578B6046DA565F7DD05554A6BCAA62B5156B687
                                    SHA-512:6A0DDDCFB8D4F3CA1F6FB89FC7B52169FF453C3E7770DDD81065FD650052FE76A1DC296486341AF42224A5482C9A8B7A9ED0D107C40A6B9012EA2D4345760BEA
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHglOiqVXWV_zYxIFDeeNQA4SBQ1Xevf9EgUNyX0kuw==?alt=proto
                                    Preview:ChsKBw3njUAOGgAKBw1Xevf9GgAKBw3JfSS7GgA=
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (12665)
                                    Category:downloaded
                                    Size (bytes):12666
                                    Entropy (8bit):4.982392093465049
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3CB46A547CAF1A4FF01FCDFFAE9012F6
                                    SHA1:F40AD6A859D960948D055AA1F46ABB00E6336216
                                    SHA-256:BEECE48E6C6CFA0385ABCFDB0B0DF11D7DC3CEE923B3EA337786909CBBEE0651
                                    SHA-512:E5DE6CF7D6E7292D84502B8B005D3F2FC6544710B4669A53DC50252B45D86A07C26738483486CBC419709B0E82F4C3374B2C5DF781E91556F2270A80F057FA31
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/Utils/style.css?v=1725262674
                                    Preview:.syno-utils-timeline-wrapper .syno-utils-timeline-scroller ul .month-label,.syno-utils-timeline-wrapper .syno-utils-timeline-scroller li b,.syno-utils-timeline-wrapper .syno-utils-timeline-scroller li.date-selected .selection-tag .selected-time{font-weight:700}.syno-utils-timeline-wrapper .syno-utils-timeline-scroller ul .month-label,.syno-utils-timeline-wrapper .syno-utils-timeline-scroller li b,.syno-utils-timeline-wrapper .syno-utils-timeline-scroller li.date-selected .selection-tag .selected-time{font-weight:700}.syno-utils-timeline-wrapper{position:absolute;z-index:1;top:0px;left:0px;bottom:0px;right:0px;height:85px;background:#e6f5ff;overflow:hidden}.syno-utils-timeline-wrapper .syno-utils-timeline-scroller{position:absolute;z-index:1;width:10980px;height:100%;-webkit-transform:translateZ(0);-moz-transform:translateZ(0);-ms-transform:translateZ(0);-o-transform:translateZ(0);transform:translateZ(0);-webkit-touch-callout:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (58400)
                                    Category:downloaded
                                    Size (bytes):58551
                                    Entropy (8bit):4.808230171683908
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:75E8F4410EA38653B2EC0E1B11D13833
                                    SHA1:0B4745CFED19CC8C3ACA740E240F8115B06428D7
                                    SHA-256:CB97D0D44459E3581A61682291A04428E622E69EFE56B60EE9B6340C4F408B82
                                    SHA-512:C663F6469FC672235FD07A2B6F7548AFCFDF68FB57B9FEDD5FE60B65DFD5BF5E567D6210B98C8DB6118CA91C1FB19CCF5D86BF2326D7448DDDC9B0710DE8F1E1
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webapi/entry.cgi?api=SYNO.FileStation.UIString&version=1&method=getjs&lang=enu
                                    Preview:SYNO_FileStation_Strings={"acl_editor":{"acl_rules_reach_limit":"ACL explicit permissions exceeds the maximum number of entries.","acl_rules_reach_limit_report":"Estimated number of entries: _count_ / Maximum number of entries: _maxCount_","add_inherited":"Include inherited permissions","admin_cannot_set_acl_perm":"The changes you made will not be applied because the administrator account \"{0}\" has full privilege control.","adming_shouldnt_set_acl_perm":"{0} belongs to the administrators group and should have full file transfer permissions. Therefore, this permission rule will not be applied to File Station or file protocols at Control Panel > File Services. Are you sure you want to create this rule?","administration":"Administration","alert_set_self_denied_acl":"When this setting is applied, you will be denied access to this shared folder. Are you sure you want to apply this setting?","all_descendants":"All descendants","all_scope":"All","allow":"Allow","apply_to":"Apply to","change
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (574)
                                    Category:downloaded
                                    Size (bytes):575
                                    Entropy (8bit):4.677558857790853
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:D2B31C173FFDA2520B302D4F860F932A
                                    SHA1:93042496F01CCAA9208416536FB98EDAC4DFB144
                                    SHA-256:5C4369C9AB3B5BAF5E72930A154117A6949191D5EF12D321FB4E25FA248E4AC9
                                    SHA-512:F7C19BDE286F65CCD317A8C73D285C2CEEC960828EF7BAA8CA64682F3921800C49FF93785BBC5C8EB9E2A998982E0A550F6930CBBFC5E7323AE2544A1163EBCE
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/DiskMessageHandler/style.css?v=1711103609
                                    Preview:.syno-disk-message-handler .x-window-body .x-panel-body.x-panel-body-noheader.x-panel-body-noborder.x-form{padding:0px !important}.syno-disk-message-handler .x-window-body .x-panel-body.x-panel-body-noheader.x-panel-body-noborder.x-form .mcontentwrapper{padding:0px !important}.syno-enc-fw-upd-progress-message{color:rgba(65,75,85,0.6) !important;line-height:20px !important}.syno-disk-message-handler.sds-window-v5 .x-window-header.x-panel-icon{padding-left:20px}.syno-disk-message-handler.sds-window-v5 .x-window-header.x-panel-icon .x-window-header-text{padding-left:0px}.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (1619)
                                    Category:downloaded
                                    Size (bytes):1620
                                    Entropy (8bit):5.157286576760658
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:CE044929F5C61770800A0C8CF8B6BDD7
                                    SHA1:311880FA03C913EC687009CF3AB6570735B4ABF0
                                    SHA-256:9942574442FE40E69B702EEA09FBE79BE36E88C35234D78F5236BF9DC376B87D
                                    SHA-512:E4963A6662D5E49F9D0B5CAC56EE1E893F8B532DB4D35A216197E84FA6672165D551398CB27C27EF9325BA59BD7A204128EDD1236B75E89A48D947587D42BBC6
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/ClipBoardJS/style.css?v=1725262674
                                    Preview:.syno-ux-button.x-btn.clipboard-btn-cut{width:28px !important}.syno-ux-button.x-btn.clipboard-btn-cut .x-btn-text{background-position-y:1px;background-image:url("images/1x/bt_cut.png?v=3233a6e695537238e8ed78e871916c7b")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-ux-button.x-btn.clipboard-btn-cut .x-btn-text{background-image:url("images/2x/bt_cut.png?v=cc037ab2a9c4ebecfe92efae2d6de93e");background-size:24px 48px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-ux-button.x-btn.clipboard-btn-cut .x-btn-text{background-image:url("images/2x/bt_cut.png?v=cc037ab2a9c4ebecfe92efae2d6de93e");background-size:24px 48px;outline:1px green dashed}}.syno-ux-button.x-btn.clipboard-btn-copy{width:28px !important}.syno-ux-button.x-btn.clipboard-btn-copy .x-btn-text{background-position-y:1px;background-image:url("images/1x/bt_copy.png?v=e82312
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (8799)
                                    Category:downloaded
                                    Size (bytes):84398
                                    Entropy (8bit):4.893932331986542
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4815F38DD142D1134F5C46A57AE791E4
                                    SHA1:EE928F22080BD49301A0DAF3CF2D062AEF37BFC4
                                    SHA-256:C7ADA1F5A4763C81000093AA10DF4247E4FD0297DC5A06115FB194490651A86E
                                    SHA-512:A185B055DE18466D26E34274EBC2081E1BC66FBC4E30F054C2D64334088120D0105285DAF28ACB020343C9E6D6815518E303564008C6003EB0F7BACD4EE26906
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/scripts/ext-3.4/resources/css/ext-all.css?v=1672898121
                                    Preview:/*!. * Ext JS Library 3.4.0. * Copyright(c) 2006-2011 Sencha Inc.. * licensing@sencha.com. * http://www.sencha.com/license. */html,body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,p,blockquote,th,td{margin:0;padding:0}img,body,html{border:0}address,caption,cite,code,dfn,em,strong,th,var{font-style:normal;font-weight:normal}ol,ul{list-style:none}caption,th{text-align:left}h1,h2,h3,h4,h5,h6{font-size:100%}q:before,q:after{content:''}.ext-forced-border-box,.ext-forced-border-box *{-moz-box-sizing:border-box;-ms-box-sizing:border-box;-webkit-box-sizing:border-box}/*!. * Ext JS Library 3.4.0. * Copyright(c) 2006-2011 Sencha Inc.. * licensing@sencha.com. * http://www.sencha.com/license. */.ext-el-mask{z-index:100;position:absolute;top:0;left:0;-moz-opacity:0.5;opacity:.50;filter:alpha(opacity=50);width:100%;height:100%;zoom:1}.ext-el-mask-msg{z-index:20001;position:absolute;top:0;left:0;border:1px solid;background:repeat-x 0 -16px;padding:2px}.ext-el-mask-msg div{padding:
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (14816)
                                    Category:dropped
                                    Size (bytes):14817
                                    Entropy (8bit):5.3943906664520584
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C89D0AC8E182DFEF3243AC7D5B028B96
                                    SHA1:677F756B9BDDA7941FBB0FC951C07980E031FBE5
                                    SHA-256:6BC17C5CE390F2B4FCD545181AC3795AA1A48D332C9B54B1444BC9F028F77386
                                    SHA-512:05F64F387D0DE47D07FA9CCC453DB13D5722E7D62D74F785077B8908F5C3CD65B2F4A4B88669E0DB6D70097F7118AFF873476AE34360E6D8E7AFF14FA5726E77
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:var synocredential=function(e){"use strict";e=e&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e;var t=null;function i(){return new Promise(e=>{synowebapi.promises.request({api:"SYNO.Remote.Credential.Challenge",method:"get",version:1}).then(t=>t&&t.challenge?e([void 0,t.challenge]):e([t]))})}class o{constructor(e={}){this.opt=e}makeid(e){for(var t="",i="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",o=i.length,s=0;s<e;s++)t+=i.charAt(Math.floor(Math.random()*o));return t}async execute(e){return this.login(Object.assign({challenge_getter:i},e))}async login(e={}){Object.assign(this.opt,e);let i=e=>{this.opt.callback(e,this.opt)},o=this.opt.url,s=this.opt.scope,n=this.opt.audience,r=this.opt.redirect_uri||window.origin,a=this.opt.client_id||"webui",c=this.opt.session||"webui",h=this.opt.forceLogin,l={capture:!1};if(!o||""===o)return i({message:"no request url."}),this.cancel();if(null!=t&&!t.closed)return void t.focus();if(!(t=window.open("about:blank","chi
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (65511), with no line terminators
                                    Category:downloaded
                                    Size (bytes):1591827
                                    Entropy (8bit):4.867314108053061
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5419BABC6C04AF46EBE40F3A669E350A
                                    SHA1:287D8D4832723B839B6E7D6D48BC515613E52322
                                    SHA-256:E8EA8D84D8A58BE411EF2EF7D7A73761A0CD0EA60C2C9B7ED9A3C8484901D6FB
                                    SHA-512:CA5C30BE977A006B346C71CA42D91A6D8152D2FA8140CA89422EC7EB4FD1B94372530B05BE666C5B8A5B13EE9A6449FBF250899E2CCDDD56C5F72E295653A639
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webapi/entry.cgi?api=SYNO.Core.Desktop.UIString&version=1&method=getjs&lang=enu&v=1728409880
                                    Preview:SYNO_WebManager_Strings={"*filebrowser*":{"filebrowser_notify_email_failed":"\"Category: System","filebrowser_notify_email_success":"\"Category: System"},"*mail*":{"TPLUNReachHardLimit":"\"Category: Storage,Important","TPLUNReachLowHardLimit":"\"Category: Storage,Important"},"Country":{"A1":"System Reserved (Anonymous Proxy)","A2":"System Reserved (Satellite Provider)","AD":"Andorra","AE":"United Arab Emirates","AF":"Afghanistan","AG":"Antigua & Barbuda","AI":"Anguilla","AL":"Albania","AM":"Armenia","AO":"Angola","AP":"Asia-Pacific Region","AQ":"Antarctica","AR":"Argentina","AS":"American Samoa","AT":"Austria","AU":"Australia","AW":"Aruba","AX":".aland Island","AZ":"Azerbaijan","BA":"Bosnia & Herzegovina","BB":"Barbados","BD":"Bangladesh","BE":"Belgium","BF":"Burkina","BG":"Bulgaria","BH":"Bahrain","BI":"Burundi","BJ":"Benin","BL":"Saint Barth.lemy","BM":"Bermuda","BN":"Brunei","BO":"Bolivia","BQ":"Caribbean Netherlands","BR":"Brazil","BS":"The Bahamas","BT":"Bhutan","BV":"Bouvet Isl
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (64777)
                                    Category:dropped
                                    Size (bytes):88319
                                    Entropy (8bit):5.27993956233464
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E0613F5EDD1EEAA36ECFDFA0F3E26FB6
                                    SHA1:B8A5186CF12ADA995DDC7240D1812AFB8FB5D5D8
                                    SHA-256:8DC29EA61DD6C0B0E3F4821C43268ACD2C4D8C1230D31BB7D48297C8AE6DC644
                                    SHA-512:7977212376BDA02726BBBCA569685977365F7852878B779D104C2A747CDFE0335A05656AC05F6E01002744BE51787F772F51C5D5CF01913A6A33A8F2F75D46E7
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:var vendor_library=function(e){function t(r){if(n[r])return n[r].exports;var i=n[r]={i:r,l:!1,exports:{}};return e[r].call(i.exports,i,i.exports,t),i.l=!0,i.exports}var n={};return t.m=e,t.c=n,t.d=function(e,n,r){t.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,"a",n),n},t.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},t.p="",t(t.s=0)}([function(e,t,n){e.exports=n},function(e,t,n){var r,i;/*!. * jQuery JavaScript Library v3.7.1. * https://jquery.com/. *. * Copyright OpenJS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. *. * Date: 2023-08-28T13:37Z. */.!function(t,n){"use strict";"object"==typeof e&&"object"==typeof e.exports?e.exports=t.document?n(t,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return n(e)}:n(t)}("undefined"!=typeof window?window
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
                                    Category:downloaded
                                    Size (bytes):402691
                                    Entropy (8bit):5.00180361538037
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:DD10A223933BBB91C235072C64CEDAD3
                                    SHA1:5F0A527E10752A349159C51B9AD1255D7267A7D1
                                    SHA-256:C6A89DA3234B2E0ED7F9DA6BB24EE3185326280EC3FFD1EF005058CD2D987268
                                    SHA-512:E8F125EA631E57EDAD3BF52981D949EA31F190F28DD90B76193B6A882EDA7F7011DF956A68A7DE45EFEAE50DE70982B6D6FFC19658AE75E6932B94F5FD77E16B
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/SynologyPhotos/style.css?v=1729763488
                                    Preview:@charset "UTF-8";.video-js .vjs-big-play-button .vjs-icon-placeholder:before,.video-js .vjs-modal-dialog,.vjs-button>.vjs-icon-placeholder:before,.vjs-modal-dialog .vjs-modal-dialog-content{height:100%;left:0;position:absolute;top:0;width:100%}.video-js .vjs-big-play-button .vjs-icon-placeholder:before,.vjs-button>.vjs-icon-placeholder:before{text-align:center}@font-face{font-family:VideoJS;font-style:normal;font-weight:400;src:url(data:application/font-woff;charset=utf-8;base64,
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):82136
                                    Entropy (8bit):5.052760299486999
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:6DB4E14675F867F13EE2DDB150707E4F
                                    SHA1:A97B2D95EBC540D734AD362F971A0A16E7BA1D8A
                                    SHA-256:6998C976666A01549487029ABFC38F859358BD2E1867E70DA03DC7DE2B763DCB
                                    SHA-512:D650C8673DDEB6CBD7F016CFF6539FCDBB7D9CCA483F07C67500570AF915521C869F646781F940B4CE37FC144039CC36933F99EED8E12B6798227C51189AC4EF
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/DownloadStation/style.css?v=1714364288
                                    Preview:.syno-dl-win .syno-dl-textblod{font-weight:700}.x-window.syno-dl-win .x-window-body,.x-window.syno-dl-win .x-window-footer,.x-window.syno-dl-dialog .x-window-body,.x-window.syno-dl-dialog .x-window-footer{background-color:#fff}.syno-dl-win .syno-dlm-tabpanel .x-tab-panel-body{padding-top:0px}.x-window.syno-dl-captcha-win.download-captcha-formpanel .x-form-item.x-hide-label{padding-left:185px}.x-window.syno-dl-captcha-win.download-captcha-formpanel .captcha-image-field{height:100px;display:table-cell;vertical-align:bottom}.x-window.syno-dl-captcha-win.download-captcha-formpanel .captcha-image-field img{max-height:87px}.x-window.syno-dl-captcha-win.download-captcha-formpanel .captcha-error-message{line-height:18px;padding-top:5px;padding-bottom:1px;color:#E64040}.x-window.syno-dl-captcha-win.download-captcha-formpanel .syno-ux-formpanel .x-form-item .captcha-info{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.x-window.syno-dl-captcha-win.download-captcha-formpanel .syno-ux-fo
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):1319
                                    Entropy (8bit):4.724708577444314
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C6EF3E380F7575E5105A58FD094F5C84
                                    SHA1:2E7796366B4C024D4410743523B4DB8C73EAAB73
                                    SHA-256:0B3C7FE1526F505C9E609FCD8CABA66995613749A6E4171D5EA426860B8AB46E
                                    SHA-512:6B48A7C089EC69C424F119FF5E59515F57D51B2ACBC74C497F26EC11321C90C6470E06D838CA5461213F94FA46DF082C1EF0E0D923B25357EBAFBD282A7029BA
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:SYNO.SDS.Session = {. "configured" : true,. "diskless" : false,. "enable_syno_token" : "no",. "fullversion" : "1730912426",. "hostname" : "dsv",. "isLogined" : false,. "lang" : "enu",. "login_background_color" : "#FFFFFF",. "login_background_enable" : false,. "login_background_ext" : ".jpg",. "login_background_pos" : "center",. "login_background_seq" : 0,. "login_background_type" : "fromDS",. "login_enable_fp" : 0,. "login_logo_enable" : false,. "login_logo_ext" : ".jpg",. "login_logo_pos" : "center",. "login_logo_seq" : 0,. "login_only_bgcolor" : false,. "login_style" : "tpl1",. "login_version_logo" : false,. "protect_title" : "",. "sharing" : true,. "sharing_id" : "99hfK37gz",. "sharing_status" : "none",. "sharing_theme" : {},. "version" : "1730912426".}.;SYNO.SDS.ExtraSession = {. "background_color" : "",. "background_path" : "../webman/fbsharing_login_background?v=1730992971",. "background_position" : "",. "enable_backgr
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):91599
                                    Entropy (8bit):5.231685524447213
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9B6C48458D60A090BB9B0205FDE8168B
                                    SHA1:FF4820F2588FFA2B36952844DC2DB445AC88337A
                                    SHA-256:7E1B1D49350FB9D3106DDD91BF0098F9EEB9B9695549D8307B3A0322BDC6C182
                                    SHA-512:887F618A525882DA708831F2ABD081916639D18FD7A13A637373AE605A75BAEE792C9EC958D7CA8F8790526F36C7D25D98F7697C75870066A566879E30230844
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/resources/css/desktop.css?v=1711103609
                                    Preview:b{font-weight:700}.x-dd-drag-proxy .x-dd-drag-ghost,.x-tree-drop-ok-append .x-dd-drag-ghost,.x-tree-drop-ok-above .x-dd-drag-ghost,.x-tree-drop-ok-between .x-dd-drag-ghost,.x-tree-drop-ok-below .x-dd-drag-ghost,.x-dd-drag-proxy .x-dd-drag-ghost .x-grid3-hd-inner,.x-dd-drag-proxy .x-dd-drag-ghost span,.x-tree-drop-ok-append .x-dd-drag-ghost .x-grid3-hd-inner,.x-tree-drop-ok-append .x-dd-drag-ghost span,.x-tree-drop-ok-above .x-dd-drag-ghost .x-grid3-hd-inner,.x-tree-drop-ok-above .x-dd-drag-ghost span,.x-tree-drop-ok-between .x-dd-drag-ghost .x-grid3-hd-inner,.x-tree-drop-ok-between .x-dd-drag-ghost span,.x-tree-drop-ok-below .x-dd-drag-ghost .x-grid3-hd-inner,.x-tree-drop-ok-below .x-dd-drag-ghost span{color:#414b55}.syno-no-script{width:100%;height:100%;background-color:#3D8ECC}.syno-no-script .align-center{width:460px;margin-left:auto;margin-right:auto;text-align:center}.syno-no-script .title{color:#fff;font-size:44px;line-height:44px;text-shadow:0px 1px 2px rgba(0,0,0,0.25);padding-
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (41722)
                                    Category:dropped
                                    Size (bytes):333195
                                    Entropy (8bit):5.256373640742375
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:71D3EB8CAAB7447D7092F8DDEF01BC6C
                                    SHA1:8B95AD5CE5177C5A1F667C184B53F205E6CCBAA0
                                    SHA-256:5D64D175E4FC72FD0FF1D69A489ABDD390F0A44A77FA35872F9C43D0FF758248
                                    SHA-512:1B189B1D93F78B9D65ABA32F94096C1929AE0ABA0BE89411EA8DAA2C99085A4AE45078D486EE8728FF7D18BE9B9ABB28611138489AC6E9828873F9CA812D6C1A
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:/* Copyright (c) 2024 Synology Inc. All rights reserved. */..Element.prototype.matches||(Element.prototype.matches=Element.prototype.msMatchesSelector||Element.prototype.webkitMatchesSelector),Element.prototype.closest||(Element.prototype.closest=function(t){var e=this;do{if(e.matches(t))return e;e=e.parentElement||e.parentNode}while(null!==e&&1===e.nodeType);return null}),Ext.define("SYNO.ux.FleXcrollConfig",{statics:{ComboBox:{initList:function(){if(!this.list){var t="x-combo-list",e=Ext.getDom(this.getListParent()||Ext.getBody());this.list=new Ext.Layer({parentEl:e,shadow:this.shadow,cls:[t,this.listClass].join(" "),constrain:!1,zindex:this.getZIndex(e)});var i=this.listWidth||Math.max(this.wrap.getWidth(),this.minListWidth);this.list.setSize(i,0),this.list.swallowEvent("mousewheel"),this.assetHeight=0,!1!==this.syncFont&&this.list.setStyle("font-size",this.el.getStyle("font-size")),this.title&&(this.header=this.list.createChild({cls:t+"-hd",html:this.title}),this.assetHeight+=this.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (2577)
                                    Category:downloaded
                                    Size (bytes):2578
                                    Entropy (8bit):5.116064974716061
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:0AB03FBA53273F5D9E138A5406CF2267
                                    SHA1:9C86F15B8751F58DD25364E878A808782B793AFE
                                    SHA-256:96745ABE20137A7F063CED72F6DEF5053FE9ED66B0214733957AF599FA553BA2
                                    SHA-512:83F59BB682AD0BD98BC0827B20DDB61BBD33B9EC0170AC6FDEFC7E7DD3B15F01CE30CF023CCEF293CF81584F7774A6ECAAC459EA08BF887004530A76B961567F
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/3rdparty/SupportForm/style.css?v=1727779981
                                    Preview:.syno-supportform-expire{color:#F58414;font-size:15px}.syno-ux-modulelist .x-tree-node-leaf .x-tree-node-icon.cate-icn-contact{background-position:0 0;background-image:url("images/1x/cate_icn_contact.png?v=39a23d203f2ddbd9bdebf045eda58a1b")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-ux-modulelist .x-tree-node-leaf .x-tree-node-icon.cate-icn-contact{background-image:url("images/2x/cate_icn_contact.png?v=56a5f9857df00424da8971d45ce4af5f");background-size:22px 44px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-ux-modulelist .x-tree-node-leaf .x-tree-node-icon.cate-icn-contact{background-image:url("images/2x/cate_icn_contact.png?v=56a5f9857df00424da8971d45ce4af5f");background-size:22px 44px;outline:1px green dashed}}.syno-ux-modulelist .x-tree-node-leaf .x-tree-node-icon.cate-icn-utilities{background-position:0 0;background-i
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (988)
                                    Category:downloaded
                                    Size (bytes):989
                                    Entropy (8bit):5.187017146318785
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:159CB75ECC71191D1E7871CE235F23E1
                                    SHA1:34A5DF914414B39A01E1AEDED86F17CC01DB073B
                                    SHA-256:4D493F12B272AD192CCBE0816EC6D57BA09CEA27B62E8E778C73C54B44F5BC12
                                    SHA-512:35C74B81D86D7A52501ADCA7EC3A4DD75E565D1D2C359F198E02DE89C0BFEC4C490599E1A09A0AA7B8F83E003E322C786D6FF73A4514616E8B698C2B7A947D76
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/TaskSchedulerWidget/style.css?v=1711103609
                                    Preview:.syno-taskscheduler-enable-taskicon,.syno-taskscheduler-disable-taskicon{background-image:url("images/1x/wdgt_icn_items.png?v=783698fab24fa4a9871cc0a338beb9fb");width:24px;height:24px;margin:2px 6px 2px 7px;float:left;background-position:0 -144px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-taskscheduler-enable-taskicon,.synohdpack .syno-taskscheduler-disable-taskicon{background-image:url("images/2x/wdgt_icn_items.png?v=20e932445e3ff647e4004b424d56e954");background-size:24px 192px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-taskscheduler-enable-taskicon,.synohdpackdebug .syno-taskscheduler-disable-taskicon{background-image:url("images/2x/wdgt_icn_items.png?v=20e932445e3ff647e4004b424d56e954");background-size:24px 192px;outline:1px green dashed}}.syno-taskscheduler-disable-taskicon{background-position:0 -168px}.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (8727)
                                    Category:downloaded
                                    Size (bytes):11140
                                    Entropy (8bit):5.049221784524706
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:EEF6ED914DADFA3D9845C897A7FC0C66
                                    SHA1:BCE4886F76B0FD5B3746BF7666AE56B53465F8E4
                                    SHA-256:EAB61F5BB1826CBDBCDB857647A59452F7738C11B16FCBB702B8DCDF9B6E8F03
                                    SHA-512:5A3E583448AA716EF5B3FA3C22BAC3F9C4B0C51B4C8C553B783DC516E320A30697351AECA388875161334DDEC2DAD4FD730B3B858FE6B6985EA6E398DEFF3D56
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/webman/modules/DSMNotify/style.css?v=1725262674
                                    Preview:.sds-notify-tray-panel .item .title,.sds-notify-tray-panel .x-panel-header-text{font-weight:700}.accessible .sds-notify-tray-panel-dataview .x-view-selected{outline-width:1px !important;outline-color:blue !important;outline-style:solid !important;outline-offset:-1px}.sds-notify-tray-panel{padding:0;color:#414b55;width:340px}.sds-notify-tray-panel .sds-notify-empty-text{color:rgba(65,75,85,0.6);vertical-align:middle;text-align:center}.sds-notify-tray-panel .sds-notify-panel-arrow{position:absolute;top:-17px;left:158px;width:24px;height:18px;overflow:hidden}.sds-notify-tray-panel .sds-notify-panel-arrow::after{background:#fff;background:#fff;content:'';position:absolute;bottom:-3px;left:2px;width:14px;height:14px;-moz-transform-origin:left bottom;-ms-transform-origin:left bottom;-webkit-transform-origin:left bottom;transform-origin:left bottom;-moz-transform:rotate(45deg);-ms-transform:rotate(45deg);-webkit-transform:rotate(45deg);transform:rotate(45deg)}.sds-notify-tray-panel .x-panel-h
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (62040)
                                    Category:downloaded
                                    Size (bytes):62041
                                    Entropy (8bit):5.128871199479707
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:62AFEB64B653B3F12725DE8418ECB40F
                                    SHA1:0C4170FFB3A8410E8F48D62D3E2F0D92362DFB82
                                    SHA-256:60E9C05810DCB241CC1F3033A5E08FAF10133F09A82F1FF0BDFD9AD07773BBF1
                                    SHA-512:CA2A376A696DFC9FFFBF9FB8F9C5381E265F46BAD3170051CDE2FFF1376835293048C73CE72442F10C045D1A4B8A0A9897524EE23D7B6C848B8DD093CFB75208
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/synoSDSjslib/sds.css?v=1715242943
                                    Preview:body input,body textarea,body keygen,body select,body button,body,.sds-login-welcome-info .sds-login-welcome-info-wrapper .sds-login-welcome-info-container .sds-login-welcome-info-title,.sds-login-welcome-info .sds-login-welcome-info-wrapper .sds-login-welcome-info-container .sds-login-welcome-info-msg{font-family:Verdana,Arial,sans-serif}body input:lang(zh-TW),body textarea:lang(zh-TW),body keygen:lang(zh-TW),body select:lang(zh-TW),body button:lang(zh-TW),body:lang(zh-TW),.sds-login-welcome-info .sds-login-welcome-info-wrapper .sds-login-welcome-info-container .sds-login-welcome-info-title:lang(zh-TW),.sds-login-welcome-info .sds-login-welcome-info-wrapper .sds-login-welcome-info-container .sds-login-welcome-info-msg:lang(zh-TW){font-family:Verdana,Arial,Microsoft JhengHei,sans-serif}body input:lang(zh-CN),body textarea:lang(zh-CN),body keygen:lang(zh-CN),body select:lang(zh-CN),body button:lang(zh-CN),body:lang(zh-CN),.sds-login-welcome-info .sds-login-welcome-info-wrapper .sds-logi
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (48514), with NEL line terminators
                                    Category:dropped
                                    Size (bytes):325632
                                    Entropy (8bit):5.387337708245541
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:D75A15ECECE5985E158D496F794ADE32
                                    SHA1:E3F4DAEA0E77A9D8F4998AB5C541BC3BEF5BE31E
                                    SHA-256:2809AEC5320190D744FD591E3C1468DB95664682D96A5501A975EF90AF9B740F
                                    SHA-512:DA8A071BB11CA800C4769C8BC27549B2FC4AE8795FF9ABD31510DB5986B00B1F4E08E2DB05602AEE57256E65E604279DD7B4E05B75D376B07399E8609344A742
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:webpackJsonp([1],[function(t,e,n){"use strict";var r=n(2),o=n(18),i=n(11),u=n(12),a=n(19),c=function t(e,n,c){var s,f,l,p,h=e&t.F,d=e&t.G,v=e&t.P,y=e&t.B,g=d?r:e&t.S?r[n]||(r[n]={}):(r[n]||{}).prototype,m=d?o:o[n]||(o[n]={}),b=m.prototype||(m.prototype={});for(s in d&&(c=n),c)l=((f=!h&&g&&void 0!==g[s])?g:c)[s],p=y&&f?a(l,r):v&&"function"==typeof l?a(Function.call,l):l,g&&u(g,s,l,e&t.U),m[s]!=l&&i(m,s,p),v&&b[s]!=l&&(b[s]=l)};r.core=o,c.F=1,c.G=2,c.S=4,c.P=8,c.B=16,c.W=32,c.U=64,c.R=128,t.exports=c},function(t,e,n){"use strict";var r=n(4);t.exports=function(t){if(!r(t))throw TypeError(t+" is not an object!");return t}},function(t,e,n){"use strict";var r=t.exports="undefined"!=typeof window&&window.Math==Math?window:"undefined"!=typeof self&&self.Math==Math?self:Function("return this")();"number"==typeof __g&&(__g=r)},function(t,e,n){"use strict";t.exports=function(t){try{return!!t()}catch(t){return!0}}},function(t,e,n){"use strict";var r="function"==typeof Symbol&&"symbol"==typeof Symb
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65475)
                                    Category:dropped
                                    Size (bytes):133278
                                    Entropy (8bit):5.4063633500798804
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:392B59CADD2EAB86A6B6933D6847B9F4
                                    SHA1:E3F6A722C81B6710179BD0F27BA955C261BE5386
                                    SHA-256:19C42602E155A06244951B9E40719187BC4FAE80C7111871119A1F56AC43940B
                                    SHA-512:40288E3D7706622C10E85106CC7EF4528CE01E317EE82433B77650D68DEB1B98697ED986B7E3C8134043222EA144F04EABA8035781BAA41C18B972ABFFD32C51
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:/* Copyright (c) 2024 Synology Inc. All rights reserved. */..!function(){var t={2545:function(t,e,i){var n=i(1822)(i(7400),"DataView");t.exports=n},6586:function(t,e,i){var n=i(7753),o=i(2452),s=i(2115),r=i(8256),a=i(7426);function c(t){var e=-1,i=null==t?0:t.length;for(this.clear();++e<i;){var n=t[e];this.set(n[0],n[1])}}c.prototype.clear=n,c.prototype.delete=o,c.prototype.get=s,c.prototype.has=r,c.prototype.set=a,t.exports=c},6301:function(t,e,i){var n=i(9417),o=i(2470),s=i(6165),r=i(1873),a=i(2556);function c(t){var e=-1,i=null==t?0:t.length;for(this.clear();++e<i;){var n=t[e];this.set(n[0],n[1])}}c.prototype.clear=n,c.prototype.delete=o,c.prototype.get=s,c.prototype.has=r,c.prototype.set=a,t.exports=c},4538:function(t,e,i){var n=i(1822)(i(7400),"Map");t.exports=n},4554:function(t,e,i){var n=i(9448),o=i(7738),s=i(6575),r=i(7238),a=i(8738);function c(t){var e=-1,i=null==t?0:t.length;for(this.clear();++e<i;){var n=t[e];this.set(n[0],n[1])}}c.prototype.clear=n,c.prototype.delete=o,c.pr
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:Unicode text, UTF-8 text, with very long lines (12467)
                                    Category:dropped
                                    Size (bytes):12536
                                    Entropy (8bit):5.045486735548921
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9190541D2B0B2827D8F9A2B436FFDC3F
                                    SHA1:77835F215674523C7C5A9C87E08091DF61BFA965
                                    SHA-256:3EFD92158A4C24F9995773FAFEDE2577E1646F738152C03B807678B610583F3C
                                    SHA-512:4E4C70A3C7591194E68DEE504FDBA8742A9ED9719B65D05753CB82E27B2406DD24C11F7D027CE4CFC24248C0727E8AA32D31DC4EE201F1FB26103DDBF4B8E9DE
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:/*!. * vuex v3.6.2. * (c) 2021 Evan You. * @license MIT. */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).Vuex=e()}(this,(function(){"use strict";var t=("undefined"!=typeof window?window:"undefined"!=typeof global?global:{}).__VUE_DEVTOOLS_GLOBAL_HOOK__;function e(t,n){if(void 0===n&&(n=[]),null===t||"object"!=typeof t)return t;var o,r=(o=function(e){return e.original===t},n.filter(o)[0]);if(r)return r.copy;var i=Array.isArray(t)?[]:{};return n.push({original:t,copy:i}),Object.keys(t).forEach((function(o){i[o]=e(t[o],n)})),i}function n(t,e){Object.keys(t).forEach((function(n){return e(t[n],n)}))}function o(t){return null!==t&&"object"==typeof t}var r=function(t,e){this.runtime=e,this._children=Object.create(null),this._rawModule=t;var n=t.state;this.state=("function"==typeof n?n():n)||{}},i={namespaced:{configurable:!0}};i.namespaced.get=functio
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (51131)
                                    Category:downloaded
                                    Size (bytes):51132
                                    Entropy (8bit):5.367119058493569
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A35C05E2A6D50DA942D315CBA56FAAAD
                                    SHA1:84174517F3A484C0740828633692F954CC383D81
                                    SHA-256:E2818EDA98F7D20893A2C7AE97D988D23B5EAEBB956EB258819C649B50AB014C
                                    SHA-512:D04B5E25D8DF93C0AE005F500AE3C093DACA3FC18B1D393EA5BCA44552E644A711BE73824BA870CCDF4E01DBD5619A0B963428F95B3877F977BAB0667F955CB1
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/scripts/synowebrtc/synowebrtc.min.js?v=1714727837
                                    Preview:this.SYNO=this.SYNO||{},this.SYNO.WebRTC=function(){"use strict";function e(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function t(e){for(var t=[],n=0,s=0;s<e.length;s++){var a=e.charCodeAt(s);a<128?t[n++]=a:a<2048?(t[n++]=a>>6|192,t[n++]=63&a|128):55296==(64512&a)&&s+1<e.length&&56320==(64512&e.charCodeAt(s+1))?(a=65536+((1023&a)<<10)+(1023&e.charCodeAt(++s)),t[n++]=a>>18|240,t[n++]=a>>12&63|128,t[n++]=a>>6&63|128,t[n++]=63&a|128):(t[n++]=a>>12|224,t[n++]=a>>6&63|128,t[n++]=63&a|128)}return t}function n(e){for(var t,n,s,a=[],i=0,r=0;i<e.length;)if((t=e[i++])<128)a[r++]=String.fromCharCode(t);else if(t>191&&t<224)n=e[i++],a[r++]=String.fromCharCode((31&t)<<6|63&n);else if(t>239&&t<365){var o=((7&t)<<18|(63&(n=e[i++]))<<12|(63&(s=e[i++]))<<6|63&e[i++])-65536;a[r++]=String.fromCharCode(55296+(o>>10)),a[r++]=String.fromCharCode(56320+(1023&o))}else n=e[i++],s=e[i++],a[r++]=String.fromCharCode((15&t)<<12|(63&n)<<6|63&s);retur
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (40150)
                                    Category:downloaded
                                    Size (bytes):40151
                                    Entropy (8bit):5.456185975823851
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E10E76A7163D3C48E88C1732E34EA30F
                                    SHA1:6B561D0382A1563C9B0AFC67CEB810D62B0C187F
                                    SHA-256:015E1A77E0C2D3E2533D2FE145604B6A057E2B2B14ABC668A6BFD78EC1F4B468
                                    SHA-512:225E843E4F5F7B227D43797E3CB253A143E4D78C212475337AE559F7DFD91E7C6AD031E0C7284F2F91DE9931FA47913A495F48CB20B16F3739AF498D37EBB609
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/scripts/synowebapi.js/synowebapi.min.js?v=1675322301
                                    Preview:var synowebapi=function(){"use strict";function t(t){return{env:t.env,hooks:t.hooks}}function e(t,e){const r=e.callback||function(){},n=e.scope;t.then((t=>{r.call(n,!0,t)}),(t=>{r.call(n,!1,t)}))}function r(r){return{...t(r),request(t){e(r.request(t),t)},auth(t,n,o){n&&(t={...t,callback:n,scope:o}),e(r.auth(t),t)},download(t){r.download(t)},encrypt(t,n,o,i){"function"==typeof n&&(i=o,o=n,n={}),e(r.encrypt(t,n),{callback:o,scope:i})}}}function n(e){const r=t(e);return["request","auth","download","encrypt","requestWebAPI"].forEach((t=>{r[t]=e[t].bind(e)})),r}class o{constructor(t){}get env(){return this.manager.env}get hooks(){return this.manager.hooks}requestWebAPI(t){return this.manager.requestWebAPI(t)}request(t){return this.manager.request(t)}auth(t){return this.manager.auth(t)}download(t){t.onError&&t.onError(new Error("unsupported"))}encrypt(t,e){return this.manager.encrypt(t,e)}create(t){return new this.constructor(t)}}class i{constructor(t){void 0===t&&(t=Object.create(null));con
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (799), with no line terminators
                                    Category:downloaded
                                    Size (bytes):799
                                    Entropy (8bit):5.0357150156887025
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:79F813C318B018258DD08FEE7516C001
                                    SHA1:01DC3FC9C8E2313682965E96CA9931594D2E54A2
                                    SHA-256:F3B3E2C5CD8C06660C52448F4F4D34F965075C5842D778279B5BFC033922E8EA
                                    SHA-512:C19FE65AEB23DB76D3B644F153A024D2C4F22D1922ABC00F5E83E012BA745B98A826F9B8ED603E855A1053D947B37434012A6215693507BFDCD54CE1BAE8F669
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile.me/commons.a8cea4c56af45adf1478.bundle.js
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                    Category:downloaded
                                    Size (bytes):202678
                                    Entropy (8bit):5.388578032311102
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4182AE231F1F61B8C3E0DA9500EA8C2D
                                    SHA1:B08D9F0A4728AABC06BE4C73C6023F26F5D6EC47
                                    SHA-256:E94D88FE63E20A183061D3788D46CE17FF0E23EAF39C8AC15CFA3A48B857EC52
                                    SHA-512:D7AB07FB0CBB76AF82BF4CE81034986C6504A0560A7B57573A65C34CF8FA594891ACB75C04637FF19C3B468C4A40DCF72EC4D10234C122FBE0B9953DBDEB092A
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://gofile-37774f4473.de9.quickconnect.to/sharing/scripts/babel-polyfill/polyfill.js?v=1672898121
                                    Process:C:\Windows\System32\netsh.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):7
                                    Entropy (8bit):2.2359263506290326
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:F1CA165C0DA831C9A17D08C4DECBD114
                                    SHA1:D750F8260312A40968458169B496C40DACC751CA
                                    SHA-256:ACCF036232D2570796BF0ABF71FFE342DC35E2F07B12041FE739D44A06F36AF8
                                    SHA-512:052FF09612F382505B049EF15D9FB83E46430B5EE4EEFB0F865CD1A3A50FDFA6FFF573E0EF940F26E955270502D5774187CD88B90CD53792AC1F6DFA37E4B646
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:Ok.....
                                    No static file info