Windows Analysis Report
https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv

Overview

General Information

Sample URL:https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv
Analysis ID:1544994
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
Downloads suspicious files via Chrome
Drops password protected ZIP file
Found suspicious ZIP file
Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 4360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2016,i,16869703180556477407,8708892340595785305,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • unarchiver.exe (PID: 6836 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
      • 7za.exe (PID: 3572 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\qhqxwr2q.1y1" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 4648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • chrome.exe (PID: 5544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: unknown | HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49724 version: TLS 1.0
Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: global traffic | TCP traffic: 192.168.2.8:49707 -> 1.1.1.1:53
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download&confirm=t&uuid=3d09584d-a764-438e-80b4-a0bbc8e8de66 HTTP/1.1Host: drive.usercontent.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=zGq4SgW847MYOiqqEwudlL_LnPlfqZKIXUEHdQl6dKH8ykyPPnfKIjxyuFzRFzXded2vS5FGIrTs7IXiACH6eO7zGekX_pGUBBH9yumVxqXIPxxJDGjrErnjYqbY4E7Us30EwnCEv-YJluuOKzpE6Zr2-2FOFbaGqjNhghzmvpy23DjPAw
Source: global traffic | DNS traffic detected: DNS query: docs.google.com
Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724

System Summary

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File dump: C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip (copy)
Source: 012301b8-d4a6-4e56-81d7-61a09fb43fd8.tmp.0.dr | Zip Entry: encrypted
Source: chromecache_59.2.dr | Zip Entry: encrypted
Source: 012301b8-d4a6-4e56-81d7-61a09fb43fd8.tmp.0.dr | Zip Entry: FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01..bat
Source: chromecache_59.2.dr | Zip Entry: FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01..bat
Source: classification engine | Classification label: mal56.win@22/13@6/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Windows\SysWOW64\unarchiver.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4648:120:WilError_03
Source: C:\Windows\SysWOW64\unarchiver.exe | File created: C:\Users\user\AppData\Local\Temp\unarchiver.log
Source: C:\Windows\SysWOW64\unarchiver.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2016,i,16869703180556477407,8708892340595785305,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\qhqxwr2q.1y1" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
Source: C:\Windows\SysWOW64\7za.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\7za.exe | Section loaded: 7z.dll
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Persistence and Installation Behavior

Source: https://drive.usercontent.google.com/download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download | LLM: Page contains button: 'Download anyway' Source: '0.0.pages.csv'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\SysWOW64\unarchiver.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: E20000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: 2AF0000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: 4AF0000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 4788 | Thread sleep count: 90 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 4788 | Thread sleep time: -45000s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe | Last function: Thread delayed
Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 8_2_00D8B1D6 GetSystemInfo,8_2_00D8B1D6
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\qhqxwr2q.1y1" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 2 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Virtualization/Sandbox Evasion | LSASS Memory | 3 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
docs.google.com | 142.250.186.78 | true | false | | unknown
drive.usercontent.google.com | 142.250.184.193 | true | false | | unknown
www.google.com | 216.58.206.68 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.186.78 | docs.google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
142.250.184.193 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
216.58.206.68 | www.google.com | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.8

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1544994
Start date and time:2024-10-30 00:07:31 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 15s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal56.win@22/13@6/5
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 51
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.181.238, 64.233.167.84, 34.104.35.123, 216.58.206.67, 172.217.18.3, 4.175.87.197, 192.229.221.95, 20.3.187.198, 20.12.23.50, 216.58.212.131, 52.149.20.212
  • Excluded domains from analysis (whitelisted): ssl.gstatic.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv

Time | Type | Description
19:09:28 | API Interceptor | 39x Sleep call for process: unarchiver.exe modified

No context

Process:C:\Windows\SysWOW64\unarchiver.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2588
Entropy (8bit):5.288575048932471
Encrypted:false
SSDEEP:48:RmTIgxME0Nq1TCG8TCGb8TCG8TCGpmTCGPTCG8TCGpxIgxME0NTCGbSTCGmIgxMC:4pMEoME4RMEq8YTHTHTHTHTHTHTHTHTa
MD5:5E23C1D3C6044248EAEFB4D52A89EB0C
SHA1:CC24C5162D231D3BF8DB37730058C912474FC237
SHA-256:F8F39BE158032F8627D640C8AE9377FF4BEB64A8929D883222F4DAFC1BA0A0DD
SHA-512:4D114BDA1A739C712606D39D80F8F6AFD26C1AB4351FDF0645C6713A9A2872C84749FEFBF75B79EC3E2E90620CB5866EB0BD6AA86539C8DA9B46B544A5838534
Malicious:false
Reputation:low
Preview:10/29/2024 7:08 PM: Unpack: C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip..10/29/2024 7:08 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\qhqxwr2q.1y1..10/29/2024 7:08 PM: Received from standard out: ..10/29/2024 7:08 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..10/29/2024 7:08 PM: Received from standard out: ..10/29/2024 7:08 PM: Received from standard out: Scanning the drive for archives:..10/29/2024 7:08 PM: Received from standard out: 1 file, 6957 bytes (7 KiB)..10/29/2024 7:08 PM: Received from standard out: ..10/29/2024 7:08 PM: Received from standard out: Extracting archive: C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip..10/29/2024 7:08 PM: Received from standard out: --..10/29/2024 7:08 PM: Received from standard out: Path = C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip..10/29/2024 7:08 PM: Received from standard o

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.9845958275471354
Encrypted:false
SSDEEP:48:8gw0drTzrPHridAKZdA1oehwiZUklqehly+3:8NE78+y
MD5:DFAE7CFD512CDB9E79190040FBF4E988
SHA1:DFE8CA162C547E30840AF3AB48F08E019B5210D7
SHA-256:40719916A44C180DB09A933CD8FF8689C585FBED4292C6140786F7D0DAAC9F70
SHA-512:B73D08BB700E1E2285E7C18B1219FCD7152ADB16BE0F49D5BB9564867041D96010C5CE58CDC957E441AD7FDB49A686D78BB44E6B5B5A32D217B5775249D1C7B3
Malicious:false
Reputation:low
          Preview:L..................F.@.. ...$+.,.....6`wW*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I]Y......B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Uj.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):4.001667744839261
          Encrypted:false
          SSDEEP:48:8ww0drTzrPHridAKZdA1leh/iZUkAQkqehuy+2:89E7u9Qny
          MD5:E8EE9F21D70BF12FA1B22CB159E08381
          SHA1:5EABAFD65E52AA66F8DB1D0D00CE17F9D79B7E10
          SHA-256:DBCD70DF26BDD2911EDF936B47F341C21780304C7990B8358A1379E19BEFF52C
          SHA-512:6408BB4177C8C98B194EA4397AE770D67A91618D89C5C87FE31CD6973684B480C01CB60112B8489B2092515E77764B5C5CE74F3B865AA6E08B646A8E221FA08D
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2693
          Entropy (8bit):4.01104794211703
          Encrypted:false
          SSDEEP:48:8Vw0drTzrbHridAKZdA14t5eh7sFiZUkmgqeh7s4y+BX:8CE7SnSy
          MD5:BE936734BA6D9BFE2CDA2E550226B646
          SHA1:1AFE84688C603D76A1893E07C6C059BD23E15B2A
          SHA-256:391ACB5D6A812228A45C239BE9A075B2FCFE308AC144B7B6BA3F8F2E84195100
          SHA-512:6892ABC61D64677567D93397DA1C37EAEA03B8310274DACE297CAB9344C3D765E98DD57C93F5E63F4833A724213F23BCDA1A434D2A0C8B7415530FE049DE2740
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):3.9972935875019275
          Encrypted:false
          SSDEEP:48:8bw0drTzrPHridAKZdA16ehDiZUkwqehqy+R:8ME7FQy
          MD5:EDAC53C7E66D3BDF4D3166A205085387
          SHA1:AB317BFAB3DAA210444C75D1742BF2FCBF573325
          SHA-256:2D2CBA48A4AD8D4DB5A76CF75BF588CF3FD48963AF316DD561141BD4F57596F0
          SHA-512:B3B79A0634C78588ACBDC169D919462CD0D11030B64A56D5263597800C79D6AF25FFAF29DCB00A27AB4D99A6F0BBA87D5174A71B6743B6EF14ACBD60819B0464
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:29 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):3.989080737595562
          Encrypted:false
          SSDEEP:48:8xw0drTzrPHridAKZdA1UehBiZUk1W1qehcy+C:82E7198y
          MD5:94CC6E6C6FAA8C87C4E87D6B98B89562
          SHA1:61352DF737AA1025AB8BD8DA1E52B479B552B781
          SHA-256:1CB0006B9AE53DDED1D82D92ACE665130D6B77F9551421B4A2F70BA8A2953E79
          SHA-512:4937347C2372395D65D8FA6FF8BD8D295485E55BB10324796A1F572BCA3199526183D3119F8A070C685DDBB72912F3E6304A87C9E5BDD8AD33D57C2F568BB51A
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 22:08:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2683
          Entropy (8bit):3.998493475792123
          Encrypted:false
          SSDEEP:48:8uw0drTzrPHridAKZdA1duTrehOuTbbiZUk5OjqehOuTbSy+yT+:8fE7CTYTbxWOvTbSy7T
          MD5:FEBE2B4B5B22932F73871E4F52AD1497
          SHA1:BE228A9D11B1531B0BDA2207BD350359CFE5E9BA
          SHA-256:735F74945008AEDD5219D68C83912A558DA0E9BFB014278C7AFADE96F31CD81C
          SHA-512:E2E3728F1A25939F42C5C11C1E28B51E4CC438967243DF59DB9C716491D7256C8B6999F4DEE09A0F8C66956DC21EFEC59FB2A41A11AEDC3E43C93DA03E73485E
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
          Category:dropped
          Size (bytes):6957
          Entropy (8bit):7.963293163823115
          Encrypted:false
          SSDEEP:96:fM+vhg2DH0jiicIkxfez6ALqm99d7wE8kR04NWkJXz6A48GfJ2EoKCNmgM2:fT0yZez6AL1EE800qnJj6z8ytoKCNmgf
          MD5:0847C3254C0D15B9673D96C89CE26F00
          SHA1:F5E4C2E45A35CA8B3553AE045D94FF33368DF857
          SHA-256:71D48C1B5CDB72463E26A128E26BFE414E65CDC7E95551783E779C33F62207F2
          SHA-512:2E2B2B37A73E706E8EBA462A0BFA0D9AE96ECDFABC0FACF95C2717FB99BCE296BE8F1D482BE9CF0013BB7CD58A8ABAB5BDA748F0A9E001EBA132B8C7B86E827F
          Malicious:false
          Reputation:low
          Preview:PK.........\\Y:#f.'....I..8...FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01..bat.)....*..G..`J..+ZB.x...dc7...sW7.U.....~L.1tq..}>Dc zp..+...5$v..K..W4.{..i^.......E.....[|.#c.j.{Q..s.33..r...][....gz%.I..n..!...0..xV.m..Ynv...wf.).8KW..a.`._.06. .f(r..D.d......v....Kl.st..?....%.p`..../."kc...y.$s...>..m.(..,r1....A.r. .z. ..e@..WYV.'Jc.......A0......6`d....Rx.Hy....P..^H...-.k..1v3..@.....w}.L.....QX ./.*..xq{..H..1..s...F|c..Y..$.Zx2._.(e.^87.G.....|.._E....C?.?...3....@.......c..p..#U..p..2.h...)...? K../...B..D..uy.P.a...............Cp.G.>......"\.G.....LG..Ab.*rQ.....S...(.%.3....$.A`"..Y+...B.........X0mm..}.L..v......I.O..j`...*&B...._5V..~......z...k...}../4E.w........r6.;.nFB...F.[.WN...../U.r.........R...E8......L...zM*^.n..=ql.....i?...M....pd..Oy..>w1...Iwb.u.Nq..8*9.(..9.&.x..a../...>_.'..,#..O..MZ.g..e?.2..g.....G9...'.~%+x.....M:.!P.C.e%......6..6C....(}..5H.....*8.&.69..-E7muH......N...>...a<....V~*....1......\;.....*.$.>d
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
          Category:dropped
          Size (bytes):6957
          Entropy (8bit):7.963293163823115
          Encrypted:false
          SSDEEP:96:fM+vhg2DH0jiicIkxfez6ALqm99d7wE8kR04NWkJXz6A48GfJ2EoKCNmgM2:fT0yZez6AL1EE800qnJj6z8ytoKCNmgf
          MD5:0847C3254C0D15B9673D96C89CE26F00
          SHA1:F5E4C2E45A35CA8B3553AE045D94FF33368DF857
          SHA-256:71D48C1B5CDB72463E26A128E26BFE414E65CDC7E95551783E779C33F62207F2
          SHA-512:2E2B2B37A73E706E8EBA462A0BFA0D9AE96ECDFABC0FACF95C2717FB99BCE296BE8F1D482BE9CF0013BB7CD58A8ABAB5BDA748F0A9E001EBA132B8C7B86E827F
          Malicious:true
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
          Category:dropped
          Size (bytes):6957
          Entropy (8bit):7.963293163823115
          Encrypted:false
          SSDEEP:96:fM+vhg2DH0jiicIkxfez6ALqm99d7wE8kR04NWkJXz6A48GfJ2EoKCNmgM2:fT0yZez6AL1EE800qnJj6z8ytoKCNmgf
          MD5:0847C3254C0D15B9673D96C89CE26F00
          SHA1:F5E4C2E45A35CA8B3553AE045D94FF33368DF857
          SHA-256:71D48C1B5CDB72463E26A128E26BFE414E65CDC7E95551783E779C33F62207F2
          SHA-512:2E2B2B37A73E706E8EBA462A0BFA0D9AE96ECDFABC0FACF95C2717FB99BCE296BE8F1D482BE9CF0013BB7CD58A8ABAB5BDA748F0A9E001EBA132B8C7B86E827F
          Malicious:false
          Reputation:low
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
          Category:downloaded
          Size (bytes):6957
          Entropy (8bit):7.963293163823115
          Encrypted:false
          SSDEEP:96:fM+vhg2DH0jiicIkxfez6ALqm99d7wE8kR04NWkJXz6A48GfJ2EoKCNmgM2:fT0yZez6AL1EE800qnJj6z8ytoKCNmgf
          MD5:0847C3254C0D15B9673D96C89CE26F00
          SHA1:F5E4C2E45A35CA8B3553AE045D94FF33368DF857
          SHA-256:71D48C1B5CDB72463E26A128E26BFE414E65CDC7E95551783E779C33F62207F2
          SHA-512:2E2B2B37A73E706E8EBA462A0BFA0D9AE96ECDFABC0FACF95C2717FB99BCE296BE8F1D482BE9CF0013BB7CD58A8ABAB5BDA748F0A9E001EBA132B8C7B86E827F
          Malicious:false
          Reputation:low
          URL:https://drive.usercontent.google.com/download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download&confirm=t&uuid=3d09584d-a764-438e-80b4-a0bbc8e8de66
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):1594
          Entropy (8bit):7.862952554761723
          Encrypted:false
          SSDEEP:24:M5DhErRsW6OTfolVFt/qRyFQCB0RxgawoIqH4B36zPiX9/YhtdHft7:M5dIWGbofFBq+GR2eITI6sf9
          MD5:C66F20F2E39EB2F6A0A4CDBE0D955E5F
          SHA1:575EF086CE461E0EF83662E3ACB3C1A789EBB0A8
          SHA-256:2AB9CD0FFDDDF7BF060620AE328FE626BFA2C004739ADEDB74EC894FAF9BEE31
          SHA-512:B9C44A2113FB078D83E968DC0AF2E78995BB6DD4CA25ABFF31E9AB180849C5DE3036B69931CCA295AC64155D5B168B634E35B7699F3FE65D4A30E9058A2639BD
          Malicious:false
          Reputation:low
          No static file info
          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Oct 30, 2024 00:08:19.296530962 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.411168098 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.412364006 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.412422895 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.412480116 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.412900925 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.412961006 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.413139105 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.415138960 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.415364981 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.415931940 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.416080952 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.418766022 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.420669079 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.421273947 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.421607971 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.471704006 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.544212103 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.544246912 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.544260979 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.544356108 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.544415951 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.544461012 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.544559002 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.544569016 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.544625044 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.547667980 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.547856092 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.548568964 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.548641920 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.549745083 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.549917936 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.551927090 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.553138971 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.553275108 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.553864002 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.554007053 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.557419062 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.691401958 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.691488028 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.691499949 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.691561937 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.691818953 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.691876888 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.698720932 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.698815107 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.700190067 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.700571060 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.700779915 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.704250097 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.704463005 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.705648899 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.706000090 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.706206083 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.826580048 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.826625109 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.826730967 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.826827049 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.828841925 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.828852892 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.828922987 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.828950882 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.828994036 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.829101086 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.830996990 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.832428932 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.833142996 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.833225965 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.835704088 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.836390018 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.837848902 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.838874102 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.841423035 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.959301949 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.960371017 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.960464001 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.961082935 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.961093903 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.961103916 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.961162090 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.963342905 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.963530064 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.963598967 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.963663101 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.964101076 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.964113951 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.965998888 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:19.968872070 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.969391108 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.969399929 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.969679117 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:19.971554041 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.091672897 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.091746092 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.091839075 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.092170000 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.092216015 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.092258930 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.092273951 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.093054056 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.093137026 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.093554020 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.096008062 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.096088886 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.096685886 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.096868038 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.097153902 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.101471901 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.101695061 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.102037907 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.102267027 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.102555037 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.224606991 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.224621058 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.224723101 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.224747896 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.224998951 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.225053072 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.227885008 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.227922916 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.227994919 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.228142977 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.228230000 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.228517056 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.228535891 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.230459929 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.230541945 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.233580112 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.233592033 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.233922958 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.235816002 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.235939026 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.329551935 CET49673443192.168.2.823.206.229.226
          Oct 30, 2024 00:08:20.357539892 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.357615948 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.357669115 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.358385086 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.358836889 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.358886957 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.359117985 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.359194994 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.359234095 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.359334946 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.361875057 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.362030029 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.362380981 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.362822056 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.363209963 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.367185116 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.367311001 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.367816925 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.368251085 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.368494987 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.489742994 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.489790916 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.489974022 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.490736008 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.491461039 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.491518021 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.491534948 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.491565943 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.491616011 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.492546082 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.493567944 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.494184971 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.494849920 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.495245934 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.495621920 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.498991013 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.499629974 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.500649929 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.501127958 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.501137018 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.621726036 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.621824026 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.621901035 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.622185946 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.623420954 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.623472929 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.623498917 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.623944044 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.623997927 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.627839088 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.628864050 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.629734039 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.630148888 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.630470991 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.633405924 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.634303093 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.635101080 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.635453939 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.635741949 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.688843966 CET49672443192.168.2.823.206.229.226
          Oct 30, 2024 00:08:20.755809069 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.756354094 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.756473064 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.758033991 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.758045912 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.758112907 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.758955002 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.759284019 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.759339094 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.760433912 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.761277914 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.762918949 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.764406919 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.765373945 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.765800953 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.766640902 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.768301964 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.769792080 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.770940065 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.887928963 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.888564110 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.888638020 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.890028954 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.891628981 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.891680002 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.892882109 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.911287069 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.916122913 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.917284966 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.917330027 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.920902967 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.921035051 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:20.921566963 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.922924042 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:20.926479101 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.039830923 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.043498039 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.043549061 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.043793917 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.044589043 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.045758963 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.046850920 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.048739910 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.048784971 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.048795938 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.048840046 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.048842907 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.049053907 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.051124096 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.051134109 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.051211119 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.052203894 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.056510925 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.056525946 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.203439951 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.203469992 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.203589916 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.203608990 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.203702927 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.203757048 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.203860998 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.208256960 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.209238052 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.209355116 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.210527897 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.210618019 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.213943005 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.214534998 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.214639902 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.215969086 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.216200113 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.339123964 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.342219114 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.342263937 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.342283010 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.342358112 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.342411995 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.342758894 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.343306065 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.343357086 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.343693018 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.345916986 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.349055052 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.349438906 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.350037098 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.351178885 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.351986885 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.354760885 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.355348110 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.357295036 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.454360962 CET49676443192.168.2.852.182.143.211
          Oct 30, 2024 00:08:21.471548080 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.473340034 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.474651098 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.476602077 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.480154991 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.481916904 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.482094049 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.482192993 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.482253075 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.483108997 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.484214067 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.486222029 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.486329079 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.491683960 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.602969885 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.604211092 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.604307890 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.606976986 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.608031034 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.613270044 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.613853931 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.613929987 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.614001036 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.614166021 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.614487886 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.614552975 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.620620966 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.621572018 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.621968985 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.626869917 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.669439077 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.735279083 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.736753941 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.738250017 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.749044895 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.749102116 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.749181986 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.749350071 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.750549078 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.750614882 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.751616955 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.752862930 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.756948948 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.758138895 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.773346901 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.774213076 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.774401903 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.778753996 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.779575109 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.779874086 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.879062891 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.879789114 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.879893064 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.900820017 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.901736021 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.901848078 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.902106047 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.926472902 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.927892923 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.928844929 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.929579973 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.931082964 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:21.931802988 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.933233976 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.934170008 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.934926987 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:21.936496973 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:22.054297924 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:22.054311037 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:22.054363012 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:22.055104017 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:22.055957079 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:22.056047916 CET49705443192.168.2.813.107.246.60
          Oct 30, 2024 00:08:22.056819916 CET4434970513.107.246.60192.168.2.8
          Oct 30, 2024 00:08:22.058952093 CET49705443192.168.2.813.107.246.60
          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
          Oct 30, 2024 00:08:29.416249990 CET | 192.168.2.8 | 1.1.1.1 | 0xeb7e | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
          Oct 30, 2024 00:08:29.416399002 CET | 192.168.2.8 | 1.1.1.1 | 0x3bb0 | Standard query (0) | docs.google.com | 65 | IN (0x0001) | false
          Oct 30, 2024 00:08:30.662395000 CET | 192.168.2.8 | 1.1.1.1 | 0x7f5a | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
          Oct 30, 2024 00:08:30.662765980 CET | 192.168.2.8 | 1.1.1.1 | 0x4831 | Standard query (0) | drive.usercontent.google.com | 65 | IN (0x0001) | false
          Oct 30, 2024 00:08:32.255439997 CET | 192.168.2.8 | 1.1.1.1 | 0xbe00 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
          Oct 30, 2024 00:08:32.256485939 CET | 192.168.2.8 | 1.1.1.1 | 0x4e82 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
          Oct 30, 2024 00:08:29.423260927 CET | 1.1.1.1 | 192.168.2.8 | 0xeb7e | No error (0) | docs.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
          Oct 30, 2024 00:08:30.670192003 CET | 1.1.1.1 | 192.168.2.8 | 0x7f5a | No error (0) | drive.usercontent.google.com | | 142.250.184.193 | A (IP address) | IN (0x0001) | false
          Oct 30, 2024 00:08:32.262588024 CET | 1.1.1.1 | 192.168.2.8 | 0xbe00 | No error (0) | www.google.com | | 216.58.206.68 | A (IP address) | IN (0x0001) | false
          Oct 30, 2024 00:08:32.264019012 CET | 1.1.1.1 | 192.168.2.8 | 0x4e82 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
          Oct 30, 2024 00:08:41.124170065 CET | 1.1.1.1 | 192.168.2.8 | 0x4ab2 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          Oct 30, 2024 00:08:41.124170065 CET | 1.1.1.1 | 192.168.2.8 | 0x4ab2 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          Oct 30, 2024 00:08:55.231378078 CET | 1.1.1.1 | 192.168.2.8 | 0xdbdf | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
          Oct 30, 2024 00:08:55.231378078 CET | 1.1.1.1 | 192.168.2.8 | 0xdbdf | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
          • docs.google.com
          • drive.usercontent.google.com
          • fs.microsoft.com
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.8 | 49713 | 142.250.186.78 | 443 | 6728 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-10-29 23:08:30 UTC | 846 | OUT | GET /uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv HTTP/1.1
          Host: docs.google.com
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-10-29 23:08:30 UTC | 1626 | IN | HTTP/1.1 303 See Other
          Content-Type: application/binary
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Tue, 29 Oct 2024 23:08:30 GMT
          Location: https://drive.usercontent.google.com/download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download
          Strict-Transport-Security: max-age=31536000
          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
          Content-Security-Policy: script-src 'report-sample' 'nonce-pD1WW2Ltf61Axr_egoCHRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
          Cross-Origin-Opener-Policy: same-origin
          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          Server: ESF
          Content-Length: 0
          X-XSS-Protection: 0
          X-Frame-Options: SAMEORIGIN
          X-Content-Type-Options: nosniff
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.8 | 49716 | 142.250.184.193 | 443 | 6728 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-10-29 23:08:31 UTC | 865 | OUT | GET /download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download HTTP/1.1
          Host: drive.usercontent.google.com
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==
          Sec-Fetch-Site: none
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-platform: "Windows"
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          2024-10-29 23:08:32 UTC | 2269 | IN | HTTP/1.1 200 OK
          Content-Type: text/html; charset=utf-8
          Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
          Content-Security-Policy: sandbox allow-scripts allow-forms allow-downloads
          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
          Content-Security-Policy: script-src 'report-sample' 'nonce-LG3N1iBg5DKOIUSomyH8SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
          Pragma: no-cache
          Expires: Mon, 01 Jan 1990 00:00:00 GMT
          Date: Tue, 29 Oct 2024 23:08:32 GMT
          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
          Cross-Origin-Opener-Policy: same-origin
          Cross-Origin-Resource-Policy: same-site
          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          reporting-endpoints: default="/_/DriveUntrustedContentHttp/web-reports?context=eJzjMtDikmII1JBicEqfwRoCxKt_nmNdD8S7rM6zHgDiPZuANBD_kbnEyiB7iVWIh-PD1dadbAI3Dl9ZyqikmpRfGJ9SlFmWmlFSUpBYkFmcWlSWWhRvZGBkYmhgaK5nYBRfYAAABsInEw"
          Content-Length: 2462
          X-GUploader-UploadID: AHmUCY1FpjywmW11qfs4G03AeLVXefi3KYAoE5PBG6KDCrhreb1Ynf71bCzrNsfczrNVJG7Y5YwfjHhDow
          Server: UploadServer
          Set-Cookie: NID=518=zGq4SgW847MYOiqqEwudlL_LnPlfqZKIXUEHdQl6dKH8ykyPPnfKIjxyuFzRFzXded2vS5FGIrTs7IXiACH6eO7zGekX_pGUBBH9yumVxqXIPxxJDGjrErnjYqbY4E7Us30EwnCEv-YJluuOKzpE6Zr2-2FOFbaGqjNhghzmvpy23DjPAw; expires=Wed, 30-Apr-2025 23:08:31 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Connection: close
          2024-10-29 23:08:32 UTC | 2269 | IN | Data Ascii: <!DOCTYPE html><html><head><title>Google Drive - Virus scan warning</title><meta http-equiv="content-type" content="text/html; charset=utf-8"/><style nonce="FTLE7fGi8K90b9IuZsDlXA">.goog-link-button{position:relative;color:#15c;text-decoration:underline;c
          2024-10-29 23:08:32 UTC | 193 | IN | Data Ascii: me="confirm" value="t"><input type="hidden" name="uuid" value="3d09584d-a764-438e-80b4-a0bbc8e8de66"></form></div></div><div class="uc-footer"><hr class="uc-footer-divider"></div></body></html>


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          2 | 192.168.2.8 | 49717 | 184.28.90.27 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-10-29 23:08:34 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-10-29 23:08:34 UTC | 466 | IN | HTTP/1.1 200 OK
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-weu-z1
          Cache-Control: public, max-age=49574
          Date: Tue, 29 Oct 2024 23:08:34 GMT
          Connection: close
          X-CID: 2


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          3 | 192.168.2.8 | 49720 | 184.28.90.27 | 443 | |
          Timestamp | Bytes transferred | Direction | Data
          2024-10-29 23:08:35 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
          Connection: Keep-Alive
          Accept: */*
          Accept-Encoding: identity
          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
          Range: bytes=0-2147483646
          User-Agent: Microsoft BITS/7.8
          Host: fs.microsoft.com
          2024-10-29 23:08:35 UTC | 514 | IN | HTTP/1.1 200 OK
          ApiVersion: Distribute 1.1
          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
          Content-Type: application/octet-stream
          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
          Server: ECAcc (lpl/EF06)
          X-CID: 11
          X-Ms-ApiVersion: Distribute 1.2
          X-Ms-Region: prod-weu-z1
          Cache-Control: public, max-age=49627
          Date: Tue, 29 Oct 2024 23:08:35 GMT
          Content-Length: 55
          Connection: close
          X-CID: 2
          2024-10-29 23:08:35 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          4 | 192.168.2.8 | 49725 | 142.250.184.193 | 443 | 6728 | C:\Program Files\Google\Chrome\Application\chrome.exe
          Timestamp | Bytes transferred | Direction | Data
          2024-10-29 23:08:51 UTC | 1372 | OUT | GET /download?id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv&export=download&confirm=t&uuid=3d09584d-a764-438e-80b4-a0bbc8e8de66 HTTP/1.1
          Host: drive.usercontent.google.com
          Connection: keep-alive
          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
          sec-ch-ua-mobile: ?0
          sec-ch-ua-full-version: "117.0.5938.132"
          sec-ch-ua-arch: "x86"
          sec-ch-ua-platform: "Windows"
          sec-ch-ua-platform-version: "10.0.0"
          sec-ch-ua-model: ""
          sec-ch-ua-bitness: "64"
          sec-ch-ua-wow64: ?0
          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIkqHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==
          Sec-Fetch-Site: cross-site
          Sec-Fetch-Mode: navigate
          Sec-Fetch-User: ?1
          Sec-Fetch-Dest: document
          Accept-Encoding: gzip, deflate, br
          Accept-Language: en-US,en;q=0.9
          Cookie: NID=518=zGq4SgW847MYOiqqEwudlL_LnPlfqZKIXUEHdQl6dKH8ykyPPnfKIjxyuFzRFzXded2vS5FGIrTs7IXiACH6eO7zGekX_pGUBBH9yumVxqXIPxxJDGjrErnjYqbY4E7Us30EwnCEv-YJluuOKzpE6Zr2-2FOFbaGqjNhghzmvpy23DjPAw
          2024-10-29 23:08:54 UTC | 4955 | IN | HTTP/1.1 200 OK
          Content-Type: application/octet-stream
          Content-Security-Policy: sandbox
          Content-Security-Policy: default-src 'none'
          Content-Security-Policy: frame-ancestors 'none'
          X-Content-Security-Policy: sandbox
          Cross-Origin-Opener-Policy: same-origin
          Cross-Origin-Embedder-Policy: require-corp
          Cross-Origin-Resource-Policy: same-site
          X-Content-Type-Options: nosniff
          Content-Disposition: attachment; filename="FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
          Access-Control-Allow-Origin: *
          Access-Control-Allow-Credentials: false
          Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
          Access-Control-Allow-Methods: GET,HEAD,OPTIONS
          Accept-Ranges: bytes
          Content-Length: 6957
          Last-Modified: Mon, 28 Oct 2024 17:34:16 GMT
          X-GUploader-UploadID: AHmUCY0pmmCT7mEhWvDNlEg93XoSCKjo5JSPh8y5X_AOHieOAh-sZTvLUsWc92QYOga6aDMvE1I2Yv3agw
          Date: Tue, 29 Oct 2024 23:08:53 GMT
          Expires: Tue, 29 Oct 2024 23:08:53 GMT
          Cache-Control: private, max-age=0
          X-Goog-Hash: crc32c=JBPPtQ==
          Server: UploadServer
          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
          Connection: close
          Data Ascii: PK\\Y:#f'I8FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01..bat)*G`J+ZBxdc7sW7U~L1tq}>Dc zp+5$vKW4{i^E[|#cj{Qs33r][gz%In!0xVmYnvwf)8KWa`_06


          Target ID:0
          Start time:19:08:22
          Start date:29/10/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
          Imagebase:0x7ff678760000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:2
          Start time:19:08:26
          Start date:29/10/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=2016,i,16869703180556477407,8708892340595785305,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
          Imagebase:0x7ff678760000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:3
          Start time:19:08:28
          Start date:29/10/2024
          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/uc?export=download&id=1gucHUhrnC0jRDGAhRfRkCK8rYqf0o3cv"
          Imagebase:0x7ff678760000
          File size:3'242'272 bytes
          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:8
          Start time:19:08:55
          Start date:29/10/2024
          Path:C:\Windows\SysWOW64\unarchiver.exe
          Wow64 process (32bit):true
          Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
          Imagebase:0x480000
          File size:12'800 bytes
          MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:false

          Target ID:9
          Start time:19:08:55
          Start date:29/10/2024
          Path:C:\Windows\SysWOW64\7za.exe
          Wow64 process (32bit):true
          Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\qhqxwr2q.1y1" "C:\Users\user\Downloads\FALLO SEGUNDA INSTANCIA TUTELA RAD 19-2024-10134-01.zip"
          Imagebase:0x9e0000
          File size:289'792 bytes
          MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:10
          Start time:19:08:55
          Start date:29/10/2024
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff6ee680000
          File size:862'208 bytes
          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

            Execution Graph

            Execution Coverage:21.8%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:5.3%
            Total number of Nodes:76
            Total number of Limit Nodes:4

            APIs
            • GetSystemInfo.KERNELBASE(?), ref: 00D8B208
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: InfoSystem
            • String ID:
            • API String ID: 31276548-0
            • Opcode ID: 92b1993e466a4361e51136fb55f36cdcb6788bc9298d89361265baadd998e3d4
            • Instruction ID: f7d40182f8a26a6c8d5b02cc5ed644c9dd8f2645e042f79e62472073c83d4e3b
            • Opcode Fuzzy Hash: 92b1993e466a4361e51136fb55f36cdcb6788bc9298d89361265baadd998e3d4
            • Instruction Fuzzy Hash: E1018B749042408FDB10DF55D88576AFBE4EF05720F08C8ABDD488F252E379A404CBA2

            APIs
            • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00D8B2F3
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 59469286cb7e93f7e190488f7af3a1e1837745c35b291bb3fe4154d365653cd6
            • Instruction ID: e4fad8574964a15e72b0bf0c4ea11f796cad5c2e178b207e76dfbd22527cb363
            • Opcode Fuzzy Hash: 59469286cb7e93f7e190488f7af3a1e1837745c35b291bb3fe4154d365653cd6
            • Instruction Fuzzy Hash: 3531B4714083446FE7228F61CC45FA7BFBCEF55324F04889AE985CB162D325A909DBB1

            APIs
            • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00D8ADA7
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: a4a046f8d0af4130d448281b7d190ed66a6bedde286b6ebdace07f01bb5cf187
            • Instruction ID: d7a9048086ead7670b2f50d129b3ccb9d506ece4d6571af89eadd39f20eaee26
            • Opcode Fuzzy Hash: a4a046f8d0af4130d448281b7d190ed66a6bedde286b6ebdace07f01bb5cf187
            • Instruction Fuzzy Hash: D031B5714043446FEB228F65CC45FA7BFACEF45214F04489AF985CB552E325E819DBB1

            APIs
            • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00D8AC36
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CreatePipe
            • String ID:
            • API String ID: 2719314638-0
            • Opcode ID: bf7d36381b8667b48c57352cf0b1271712932407f00c91a142244a2fde3ecfbd
            • Instruction ID: 19f9192bf10313db10d203ef12dab67c8e014e92fad400b7ec546aff9e8f120e
            • Opcode Fuzzy Hash: bf7d36381b8667b48c57352cf0b1271712932407f00c91a142244a2fde3ecfbd
            • Instruction Fuzzy Hash: D3318D7150E3C46FD3138B718C65A62BFB4AF47610F1A84DBD8C4DF1A3D2296919CBA2

            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00D8A67D
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: 0fc682938eee43cf618795d0befe65886def45d11ea5c9de676082c6d4d2c50b
            • Instruction ID: c1914386ed79f6a495716a51ee4b66f7878ebfe23666eaf1e426d400d37b2b49
            • Opcode Fuzzy Hash: 0fc682938eee43cf618795d0befe65886def45d11ea5c9de676082c6d4d2c50b
            • Instruction Fuzzy Hash: 3731AF71505744AFE721CF65CC45F66FBE8EF05224F08889EE9858B252E375E808CB71

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 00D8B5A6
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 728e24352f1c2e90d62f5d8b01702df51f31b759428712acb780293575afc5d7
            • Instruction ID: b9212c0be763c6e93146f561244fee0820f819a82b4e1240666164e6b65692b2
            • Opcode Fuzzy Hash: 728e24352f1c2e90d62f5d8b01702df51f31b759428712acb780293575afc5d7
            • Instruction Fuzzy Hash: 1B21F97550D3C06FC3138B259C51B62BFB4EF47614F0A85CFE8848B653D225A91AC7B2

            APIs
            • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00D8A1C2
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: FileFindNext
            • String ID:
            • API String ID: 2029273394-0
            • Opcode ID: 8f3cb0acfdb7f42cc2acb0410b3eec5b89881c88a3ab0341bf1d0d71964c4b35
            • Instruction ID: fa6c867d420ea5ad4943f94e49ab0d29d5dd261b16b38637afff6ffd94ba7ccc
            • Opcode Fuzzy Hash: 8f3cb0acfdb7f42cc2acb0410b3eec5b89881c88a3ab0341bf1d0d71964c4b35
            • Instruction Fuzzy Hash: 1521A17150D3C06FD3128B258C51BA6BFB4EF47620F1985DBD8848F293D229A919D7A2

            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,D3B8DE3D,00000000,00000000,00000000,00000000), ref: 00D8A40C
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 231a241e1df6281ccb56b6555963973b2341c90989071f828abba64f07a96ac8
            • Instruction ID: 1bff82c978ae9ad0dd379cefb2492fc1ffe24a203ce5d809c12626de1029f34f
            • Opcode Fuzzy Hash: 231a241e1df6281ccb56b6555963973b2341c90989071f828abba64f07a96ac8
            • Instruction Fuzzy Hash: 2C215A75505744AFE721CF55CC84FA6BBF8EF45610F08849AE985CB292D364E908CBB2

            APIs
            • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00D8B2F3
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 5dc858b47724d00cee1f2b396eae8703bf6f47a248769eb4faf59f3c80a8470b
            • Instruction ID: 8a8156049df49ef09439c69b5a35bf4b0fea62b6e8bf9c2ba7135225b657c0fa
            • Opcode Fuzzy Hash: 5dc858b47724d00cee1f2b396eae8703bf6f47a248769eb4faf59f3c80a8470b
            • Instruction Fuzzy Hash: F021C171504204AFEB219F65CC45FABFBECEF14324F04896AEA85CB151D735E4049BB1

            APIs
            • GetTempPathW.KERNELBASE(?,00000E24,?,?), ref: 00D8A5B6
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: PathTemp
            • String ID:
            • API String ID: 2920410445-0
            • Opcode ID: 5cf8780ac10eddb7cbd1e713a084655729008cb1aa574a0abe0fd22bdb12b7b7
            • Instruction ID: 64feb3ccd305c0d2152e6da2eaf061178e6d8a3bfb9bc7205bf55d69d1fc8f08
            • Opcode Fuzzy Hash: 5cf8780ac10eddb7cbd1e713a084655729008cb1aa574a0abe0fd22bdb12b7b7
            • Instruction Fuzzy Hash: B121957150D3C06FD7138B25CC51B62BFB8EF87614F0A81DBE8849B593D624A919C7B2

            APIs
            • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00D8ADA7
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 4c4dc45b8d267adb9db53d9cbccce689c332846751490c582f962e43c79d93bc
            • Instruction ID: 7d8a4b26ad74a9597049e7336fcb7db65294a2abee34e517f5e11bb382ada82f
            • Opcode Fuzzy Hash: 4c4dc45b8d267adb9db53d9cbccce689c332846751490c582f962e43c79d93bc
            • Instruction Fuzzy Hash: 0021C172504208AFEB219F64CC45FABFBECEF04324F04886AEA45CB651E735E4149BB1

            APIs
            • SetFilePointer.KERNELBASE(?,00000E24,D3B8DE3D,00000000,00000000,00000000,00000000), ref: 00D8A8DE
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: FilePointer
            • String ID:
            • API String ID: 973152223-0
            • Opcode ID: b5f102cbbe7365553047bfbb63478fdb6719f750fc602f91f0b53ebe3422a5e5
            • Instruction ID: a54c2758276dbf27aebd244e84bc78ef4f7f707d11bb164ada135ac31380f839
            • Opcode Fuzzy Hash: b5f102cbbe7365553047bfbb63478fdb6719f750fc602f91f0b53ebe3422a5e5
            • Instruction Fuzzy Hash: 7021A4714093846FE7228F64DC44F66BFB8EF46724F0984DBE9848B152D265A909CBB1

            Control-flow Graph

            control_flow_graph 120 d8a933-d8a9b9 124 d8a9bb-d8a9db WriteFile 120->124 125 d8a9fd-d8aa02 120->125 128 d8a9dd-d8a9fa 124->128 129 d8aa04-d8aa09 124->129 125->124 129->128
            APIs
            • WriteFile.KERNELBASE(?,00000E24,D3B8DE3D,00000000,00000000,00000000,00000000), ref: 00D8A9C1
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            • Opcode ID: 4bc2d186f6ed7b2222dd97d81d66df65ee15547731aed6904b3ad7734e5ea708
            • Instruction ID: 756c7847554f7177839553cc50da31aa57d164642a27ec0597f0248087f8703e
            • Opcode Fuzzy Hash: 4bc2d186f6ed7b2222dd97d81d66df65ee15547731aed6904b3ad7734e5ea708
            • Instruction Fuzzy Hash: DB21A171409384AFDB228F65CC45F97FFB8EF46314F08849BE9848B152D365A408CBB2

            Control-flow Graph

            control_flow_graph 132 d8a5fe-d8a656 135 d8a658 132->135 136 d8a65b-d8a667 132->136 135->136 137 d8a669 136->137 138 d8a66c-d8a675 136->138 137->138 139 d8a6c6-d8a6cb 138->139 140 d8a677-d8a67f CreateFileW 138->140 139->140 142 d8a685-d8a69b 140->142 143 d8a6cd-d8a6d2 142->143 144 d8a69d-d8a6c3 142->144 143->144
            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00D8A67D
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: 1a03bbb335bccdbeda0c5667b6afa2cae2204d947e328aef66d17a082d719fcf
            • Instruction ID: dd60ba9dbcdbd4fdbdb2ec01d9a605a5c2a177bbbb52a98611b26c8156b95527
            • Opcode Fuzzy Hash: 1a03bbb335bccdbeda0c5667b6afa2cae2204d947e328aef66d17a082d719fcf
            • Instruction Fuzzy Hash: D621A471504604AFE721DF69CD46F66FBE8EF04324F08886EE9858B252E375E404CB72

            Control-flow Graph

            control_flow_graph 147 d8a78f-d8a80d 151 d8a80f-d8a822 GetFileType 147->151 152 d8a842-d8a847 147->152 153 d8a849-d8a84e 151->153 154 d8a824-d8a841 151->154 152->151 153->154
            APIs
            • GetFileType.KERNELBASE(?,00000E24,D3B8DE3D,00000000,00000000,00000000,00000000), ref: 00D8A815
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            • Opcode ID: 3d6514505aed6e8cad355d197b7b4f183c55644f9b528d1475ffe233cc2cf793
            • Instruction ID: de8bef66bfe95c8f8bc45080e5788805971a3dc452c5684378153875076614d3
            • Opcode Fuzzy Hash: 3d6514505aed6e8cad355d197b7b4f183c55644f9b528d1475ffe233cc2cf793
            • Instruction Fuzzy Hash: 1A21D8B54097846FE7128B21DC41FA6BFB8DF56314F0980DBE9848B153D268A909D771

            Control-flow Graph

            control_flow_graph 158 d8aa0b-d8aa6a 160 d8aa6c 158->160 161 d8aa6f-d8aa75 158->161 160->161 162 d8aa7a-d8aa83 161->162 163 d8aa77 161->163 164 d8aac4-d8aac9 162->164 165 d8aa85-d8aaa5 CreateDirectoryW 162->165 163->162 164->165 168 d8aacb-d8aad0 165->168 169 d8aaa7-d8aac3 165->169 168->169
            APIs
            • CreateDirectoryW.KERNELBASE(?,?), ref: 00D8AA8B
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CreateDirectory
            • String ID:
            • API String ID: 4241100979-0
            • Opcode ID: ad2582d1b8c8816fd611f90791784aa100cb2129695c748f8d64738e93a3550f
            • Instruction ID: b164ba7dc7c8a803c308abfc035e52c7c2e78bf87e7d01713d0511fedd535ba2
            • Opcode Fuzzy Hash: ad2582d1b8c8816fd611f90791784aa100cb2129695c748f8d64738e93a3550f
            • Instruction Fuzzy Hash: BA2180B15093C05FEB12CB29DC55B92BFE8AF06314F0D84EAE884CB553E225D909CB71
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,D3B8DE3D,00000000,00000000,00000000,00000000), ref: 00D8A40C
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 10660834de7c2dbfe27684ca1f41d205629f8e8cd0adebc1d8c840816396c939
            • Instruction ID: 0671933b7edcc8656627903e53dbe8392586d817f5f59d2f114849f12fae0e6b
            • Opcode Fuzzy Hash: 10660834de7c2dbfe27684ca1f41d205629f8e8cd0adebc1d8c840816396c939
            • Instruction Fuzzy Hash: 48218C75600204AFEB20DF69CC85F66F7ECEF14714F08846AE94A8B251D764E809DBB2
            APIs
            • WriteFile.KERNELBASE(?,00000E24,D3B8DE3D,00000000,00000000,00000000,00000000), ref: 00D8A9C1
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: FileWrite
            • String ID:
            • API String ID: 3934441357-0
            • Opcode ID: dabc286b4e09b37a5bf127b43cf10835fe4c32af8f5123494000c28a1db801b7
            • Instruction ID: 1fdaeed51d732eef90c917b60e88c78e8a565d4459ef0ffc8591bbe5ddc7df96
            • Opcode Fuzzy Hash: dabc286b4e09b37a5bf127b43cf10835fe4c32af8f5123494000c28a1db801b7
            • Instruction Fuzzy Hash: 5B110171404204AFEB21DF65CC81FAAFBE8EF14724F08885BEA458B241D339E404DBB2
            APIs
            • SetFilePointer.KERNELBASE(?,00000E24,D3B8DE3D,00000000,00000000,00000000,00000000), ref: 00D8A8DE
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: FilePointer
            • String ID:
            • API String ID: 973152223-0
            • Opcode ID: 5dfe8bf37474293f1ab9b7ae599744e9a247f7802f5479f44b16e777b0812053
            • Instruction ID: ce733acdf201745e2bba41ee0b56916f24ff52d05b60d3bc2c6c5a8a35147e57
            • Opcode Fuzzy Hash: 5dfe8bf37474293f1ab9b7ae599744e9a247f7802f5479f44b16e777b0812053
            • Instruction Fuzzy Hash: 0611E371504204AFEB21DF68DC85F66FBE8EF54724F18885BEA458B241D379E804DBB2
            APIs
            • SetErrorMode.KERNELBASE(?), ref: 00D8A30C
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: ErrorMode
            • String ID:
            • API String ID: 2340568224-0
            • Opcode ID: 80165ecdbe5827906f189388282109963e1fc35ba13356b4457247c1c91fad38
            • Instruction ID: b92a208ae2c257e36ce82ea1772f09bd2add2d29b468f9974630b601758bd31e
            • Opcode Fuzzy Hash: 80165ecdbe5827906f189388282109963e1fc35ba13356b4457247c1c91fad38
            • Instruction Fuzzy Hash: BE1170754093C09FDB228B25DC54A52BFB4EF17220F0D84DBDD858F263D269A909CB72
            APIs
            • GetFileType.KERNELBASE(?,00000E24,D3B8DE3D,00000000,00000000,00000000,00000000), ref: 00D8A815
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            • Opcode ID: 0dd8162f34b716dc3f90fa8bd6301228f49dc74376e9c93c4f92f1bdf6cdb6ac
            • Instruction ID: 3baa16ee9a5ffcb75b2dfc0439b1f2524468c053320c222855321d96bad76081
            • Opcode Fuzzy Hash: 0dd8162f34b716dc3f90fa8bd6301228f49dc74376e9c93c4f92f1bdf6cdb6ac
            • Instruction Fuzzy Hash: 5601D275504204AEE720DB19DC85FA6FBE8DF54724F18C4ABEE458B241D778E8048BB6
            APIs
            • CreateDirectoryW.KERNELBASE(?,?), ref: 00D8AA8B
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CreateDirectory
            • String ID:
            • API String ID: 4241100979-0
            • Opcode ID: 137e5fe78dc055757f833a3eb08531fdac25e1ba0257b2b32bf400d8c74dcbf0
            • Instruction ID: d4433f5a38a5498a6d6a95c67b1117afce979bf775e86e295feb1916123cbce5
            • Opcode Fuzzy Hash: 137e5fe78dc055757f833a3eb08531fdac25e1ba0257b2b32bf400d8c74dcbf0
            • Instruction Fuzzy Hash: 06117C716002409FEB14DF29D985B66BBD8EF04720F0884AADD49CB642E675E804CB62
            APIs
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CloseFind
            • String ID:
            • API String ID: 1863332320-0
            • Opcode ID: 7887a55a041331db1cb212c1aa5a2d8d11d25e1e2d103eba1c526d3f28784c0c
            • Instruction ID: dae245b93a988eaf02805bcd37823b44f3443423d68bb3ff2984185d9e58eccf
            • Opcode Fuzzy Hash: 7887a55a041331db1cb212c1aa5a2d8d11d25e1e2d103eba1c526d3f28784c0c
            • Instruction Fuzzy Hash: AF1170755093C49FDB128B25DC45A52BFF4EF06220F0D84DBED858B263D369A848DB61
            APIs
            • GetSystemInfo.KERNELBASE(?), ref: 00D8B208
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: InfoSystem
            • String ID:
            • API String ID: 31276548-0
            • Opcode ID: d2547e801af2ca3cb0226df37f7d1e02e13d468a8d6ee38ab4780d00d52ac2ea
            • Instruction ID: 7a49b1dab532e788963acf27f84199cc649ade0e64201504bb538c65a1fd71b4
            • Opcode Fuzzy Hash: d2547e801af2ca3cb0226df37f7d1e02e13d468a8d6ee38ab4780d00d52ac2ea
            • Instruction Fuzzy Hash: E0117C714093C09FDB128F15DC84B56BFA4EF56620F0884EBED848F263D279A908CB72
            APIs
            • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00D8A1C2
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: FileFindNext
            • String ID:
            • API String ID: 2029273394-0
            • Opcode ID: 667f85ecbc7587dd4178c62e5d4dd03ba3a0682cc977177e5e1a87275287c09a
            • Instruction ID: ea9b1473c47d424d1c1e4f64f3375df527883dc4dbc67ed584c5df351fe74fe5
            • Opcode Fuzzy Hash: 667f85ecbc7587dd4178c62e5d4dd03ba3a0682cc977177e5e1a87275287c09a
            • Instruction Fuzzy Hash: C701B171A00200AFD310DF16CC46B26FBE8EB88A20F14856AEC089B641E735F911CBE1
            APIs
            • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00D8AC36
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CreatePipe
            • String ID:
            • API String ID: 2719314638-0
            • Opcode ID: 26b54ce51b978cdc476280248c4df954382fa11b33294e2863cb7689824526fd
            • Instruction ID: 712078123a75a5fcc3f92be9d1e51639bbf3efb4214bfe9d035b49842cb7db30
            • Opcode Fuzzy Hash: 26b54ce51b978cdc476280248c4df954382fa11b33294e2863cb7689824526fd
            • Instruction Fuzzy Hash: 9801B171A00200AFD310DF16CC46B26FBE8FB88A20F14852AEC489B641E735F915CBE1
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 00D8B5A6
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: c23cff9a76cfaf6ae3863aae6bf049ecd307f4364111313e356c7f02ae84c148
            • Instruction ID: 875f40e225d7a62fb20ede87718db4841ac8c1188fdbaffdc46de80b664cfee9
            • Opcode Fuzzy Hash: c23cff9a76cfaf6ae3863aae6bf049ecd307f4364111313e356c7f02ae84c148
            • Instruction Fuzzy Hash: 9401A271A00204AFD210DF16CC46B26FBE8FB88A24F14811AEC485B741D775F915CBE5
            APIs
            • GetTempPathW.KERNELBASE(?,00000E24,?,?), ref: 00D8A5B6
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: PathTemp
            • String ID:
            • API String ID: 2920410445-0
            • Opcode ID: da8dac93c7a47fd97184c4ee5b8bf18235425a0bddb78cbfc22996ace9105b64
            • Instruction ID: f464a92fe684f23e44e8cdd1f66f90864fae59815679862a1c473564d977a6d5
            • Opcode Fuzzy Hash: da8dac93c7a47fd97184c4ee5b8bf18235425a0bddb78cbfc22996ace9105b64
            • Instruction Fuzzy Hash: D801A271A00204AFD210DF16CC46B26FBE8FB88A24F14815AEC085B741D735F915CBE5
            APIs
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CloseFind
            • String ID:
            • API String ID: 1863332320-0
            • Opcode ID: c821f84ee0d1759155beef9db23db88d999332d2c7806d55a7e58225348ba360
            • Instruction ID: de39104482cc107b9d5fd44a7f724fa64994118db378f3489bf9e8a66deb8056
            • Opcode Fuzzy Hash: c821f84ee0d1759155beef9db23db88d999332d2c7806d55a7e58225348ba360
            • Instruction Fuzzy Hash: F001D1745002448FEB109F19D885762FBD4EF05320F08C4ABDD458B252E779E844DFB2
            APIs
            • SetErrorMode.KERNELBASE(?), ref: 00D8A30C
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: ErrorMode
            • String ID:
            • API String ID: 2340568224-0
            • Opcode ID: 7464cab9b2382cef239531311023f34ee4deff70b68d3ba0a56c7be522becd0e
            • Instruction ID: 5b7e27bb70ef3ed173a321bd14d63f4ea2b89dac38fb70c3f1fc7fb1adfa1c99
            • Opcode Fuzzy Hash: 7464cab9b2382cef239531311023f34ee4deff70b68d3ba0a56c7be522becd0e
            • Instruction Fuzzy Hash: 2DF0AF345042449FEB20EF59D885762FBE4EF05721F08C49BDD494B256D3B9E904CBB2
            APIs
            • CloseHandle.KERNELBASE(?), ref: 00D8A748
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: f6b812df3579db63ccd9d80a9d54c4f0590da6b3d86de03417a2e0d81a84ad7e
            • Instruction ID: 2dc65b42c4993627526baca4869a5c6b668b7fd93fba5d90d1fe57027a67467c
            • Opcode Fuzzy Hash: f6b812df3579db63ccd9d80a9d54c4f0590da6b3d86de03417a2e0d81a84ad7e
            • Instruction Fuzzy Hash: BA21C2B55093C05FDB128F25DC95652BFB8EF17320F0984DBDC858F2A3D2649909CB62
            APIs
            • CloseHandle.KERNELBASE(?), ref: 00D8A748
            Memory Dump Source
            • Source File: 00000008.00000002.2182551771.0000000000D8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_d8a000_unarchiver.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: 5cf7ed3ffe75851d92c7323601158fde5f656ff009434f87efca177b1829cd6a
            • Instruction ID: 95cea44598f7cc7ea07365fdec4a2d055d73da2d80bf0214fb40164eb68b8af5
            • Opcode Fuzzy Hash: 5cf7ed3ffe75851d92c7323601158fde5f656ff009434f87efca177b1829cd6a
            • Instruction Fuzzy Hash: 5801DF749002408FEB109F29DC85766FBE4EF00321F08C4ABDD498F242D379E804DBA2
            • Opcode Fuzzy Hash: eff6a0ce4f0e81bd9957281c1216447d66bddc7aa7931054f92ce1dda520fe6a
            • Instruction Fuzzy Hash: 31C012313003088FCB04A768D51DA2977D59BD5308FC5C46498085B256DA70EC41C744