Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
cabbage.exe

Overview

General Information

Sample name:cabbage.exe
Analysis ID:1542261
MD5:81e184c5842808438d0c3ac633885c1b
SHA1:9a10cb3b660c5b6b464ccf41c023e80a56f7cf79
SHA256:31b233d5cdd809be59e838bb2c27c29d8a914daa08a2490e03b5e5f8ed35e312
Tags:exeuser-NDA0E
Infos:

Detection

Atlantida Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Atlantida Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cabbage.exe (PID: 7644 cmdline: "C:\Users\user\Desktop\cabbage.exe" MD5: 81E184C5842808438D0C3AC633885C1B)
    • conhost.exe (PID: 7688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 7992 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup

Malware Configuration

Threatname: Atlantida Stealer

{"C2 url": "185.234.216.181"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.3783711899.000001D428ABA000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
  • 0x397c99:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000005.00000002.3758733093.0000000001100000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
  • 0x6cab91:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: RegAsm.exe PID: 7992JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    Process Memory Space: RegAsm.exe PID: 7992JoeSecurity_AtlantidaStealer_1Yara detected Atlantida StealerJoe Security

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
      Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentCommandLine: "C:\Users\user\Desktop\cabbage.exe", ParentImage: C:\Users\user\Desktop\cabbage.exe, ParentProcessId: 7644, ParentProcessName: cabbage.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe, ProcessId: 7992, ProcessName: RegAsm.exe

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-10-25T18:06:16.143707+020028033053Unknown Traffic192.168.2.749704104.26.5.30443TCP
      2024-10-25T18:06:18.238322+020028033053Unknown Traffic192.168.2.749707104.26.5.30443TCP
      2024-10-25T18:06:20.262032+020028033053Unknown Traffic192.168.2.749715104.26.5.30443TCP
      2024-10-25T18:06:22.239274+020028033053Unknown Traffic192.168.2.749723104.26.5.30443TCP
      2024-10-25T18:06:24.698076+020028033053Unknown Traffic192.168.2.749738104.26.5.30443TCP
      2024-10-25T18:06:26.798811+020028033053Unknown Traffic192.168.2.749748104.26.5.30443TCP
      2024-10-25T18:06:29.326409+020028033053Unknown Traffic192.168.2.749762104.26.5.30443TCP
      2024-10-25T18:06:31.368028+020028033053Unknown Traffic192.168.2.749780104.26.5.30443TCP
      2024-10-25T18:06:33.451173+020028033053Unknown Traffic192.168.2.749793104.26.5.30443TCP
      2024-10-25T18:06:35.345981+020028033053Unknown Traffic192.168.2.749805104.26.5.30443TCP
      2024-10-25T18:06:38.472527+020028033053Unknown Traffic192.168.2.749821104.26.5.30443TCP
      2024-10-25T18:06:40.415462+020028033053Unknown Traffic192.168.2.749834104.26.5.30443TCP
      2024-10-25T18:06:42.423505+020028033053Unknown Traffic192.168.2.749846104.26.5.30443TCP
      2024-10-25T18:06:44.540722+020028033053Unknown Traffic192.168.2.749858104.26.5.30443TCP
      2024-10-25T18:06:46.996932+020028033053Unknown Traffic192.168.2.749870104.26.5.30443TCP
      2024-10-25T18:06:48.988670+020028033053Unknown Traffic192.168.2.749886104.26.5.30443TCP
      2024-10-25T18:06:51.269370+020028033053Unknown Traffic192.168.2.749899104.26.5.30443TCP
      2024-10-25T18:06:53.241082+020028033053Unknown Traffic192.168.2.749914104.26.5.30443TCP
      2024-10-25T18:06:55.744157+020028033053Unknown Traffic192.168.2.749926104.26.5.30443TCP
      2024-10-25T18:06:57.739741+020028033053Unknown Traffic192.168.2.749941104.26.5.30443TCP
      2024-10-25T18:07:00.096544+020028033053Unknown Traffic192.168.2.749954104.26.5.30443TCP
      2024-10-25T18:07:02.214801+020028033053Unknown Traffic192.168.2.749966104.26.5.30443TCP
      2024-10-25T18:07:04.240350+020028033053Unknown Traffic192.168.2.749983104.26.5.30443TCP
      2024-10-25T18:07:06.163919+020028033053Unknown Traffic192.168.2.749995104.26.5.30443TCP
      2024-10-25T18:07:08.115563+020028033053Unknown Traffic192.168.2.750008104.26.5.30443TCP
      2024-10-25T18:07:10.537130+020028033053Unknown Traffic192.168.2.750020104.26.5.30443TCP
      2024-10-25T18:07:12.666840+020028033053Unknown Traffic192.168.2.750030104.26.5.30443TCP
      2024-10-25T18:07:15.646142+020028033053Unknown Traffic192.168.2.750032104.26.5.30443TCP
      2024-10-25T18:07:17.362945+020028033053Unknown Traffic192.168.2.750034104.26.5.30443TCP
      2024-10-25T18:07:19.415167+020028033053Unknown Traffic192.168.2.750036104.26.5.30443TCP
      2024-10-25T18:07:21.368113+020028033053Unknown Traffic192.168.2.750038104.26.5.30443TCP
      2024-10-25T18:07:23.378168+020028033053Unknown Traffic192.168.2.750040104.26.5.30443TCP
      2024-10-25T18:07:25.337532+020028033053Unknown Traffic192.168.2.750042104.26.5.30443TCP
      2024-10-25T18:07:27.289605+020028033053Unknown Traffic192.168.2.750044104.26.5.30443TCP
      2024-10-25T18:07:30.387913+020028033053Unknown Traffic192.168.2.750046104.26.5.30443TCP
      2024-10-25T18:07:32.300317+020028033053Unknown Traffic192.168.2.750048104.26.5.30443TCP
      2024-10-25T18:07:34.308016+020028033053Unknown Traffic192.168.2.750050104.26.5.30443TCP
      2024-10-25T18:07:36.073939+020028033053Unknown Traffic192.168.2.750052104.26.5.30443TCP
      2024-10-25T18:07:38.046449+020028033053Unknown Traffic192.168.2.750054104.26.4.30443TCP
      2024-10-25T18:07:40.112882+020028033053Unknown Traffic192.168.2.750056104.26.4.30443TCP
      2024-10-25T18:07:42.033984+020028033053Unknown Traffic192.168.2.750058104.26.4.30443TCP
      2024-10-25T18:07:43.990890+020028033053Unknown Traffic192.168.2.750060104.26.4.30443TCP
      2024-10-25T18:07:45.934642+020028033053Unknown Traffic192.168.2.750062104.26.4.30443TCP
      2024-10-25T18:07:47.695644+020028033053Unknown Traffic192.168.2.750064104.26.4.30443TCP
      2024-10-25T18:07:48.949197+020028033053Unknown Traffic192.168.2.750066104.26.4.30443TCP
      2024-10-25T18:07:50.936104+020028033053Unknown Traffic192.168.2.750068104.26.4.30443TCP
      2024-10-25T18:07:52.938534+020028033053Unknown Traffic192.168.2.750070104.26.4.30443TCP
      2024-10-25T18:07:55.053094+020028033053Unknown Traffic192.168.2.750072104.26.4.30443TCP
      2024-10-25T18:07:57.902115+020028033053Unknown Traffic192.168.2.750074104.26.4.30443TCP
      2024-10-25T18:08:00.028108+020028033053Unknown Traffic192.168.2.750076104.26.4.30443TCP
      2024-10-25T18:08:01.993043+020028033053Unknown Traffic192.168.2.750078104.26.4.30443TCP
      2024-10-25T18:08:04.127595+020028033053Unknown Traffic192.168.2.750080104.26.4.30443TCP
      2024-10-25T18:08:06.193783+020028033053Unknown Traffic192.168.2.750082104.26.4.30443TCP
      2024-10-25T18:08:08.152144+020028033053Unknown Traffic192.168.2.750084104.26.4.30443TCP
      2024-10-25T18:08:10.080043+020028033053Unknown Traffic192.168.2.750086104.26.4.30443TCP
      2024-10-25T18:08:11.757579+020028033053Unknown Traffic192.168.2.750088104.26.4.30443TCP
      2024-10-25T18:08:13.738669+020028033053Unknown Traffic192.168.2.750090104.26.4.30443TCP
      2024-10-25T18:08:16.194496+020028033053Unknown Traffic192.168.2.750092104.26.4.30443TCP
      2024-10-25T18:08:18.160431+020028033053Unknown Traffic192.168.2.750094104.26.4.30443TCP
      2024-10-25T18:08:19.631592+020028033053Unknown Traffic192.168.2.750096104.26.4.30443TCP
      2024-10-25T18:08:21.632392+020028033053Unknown Traffic192.168.2.750098104.26.4.30443TCP
      2024-10-25T18:08:23.572908+020028033053Unknown Traffic192.168.2.750100104.26.4.30443TCP
      2024-10-25T18:08:25.742428+020028033053Unknown Traffic192.168.2.750102104.26.4.30443TCP
      2024-10-25T18:08:27.717296+020028033053Unknown Traffic192.168.2.750104104.26.4.30443TCP
      2024-10-25T18:08:29.570881+020028033053Unknown Traffic192.168.2.750106104.26.4.30443TCP
      2024-10-25T18:08:33.735235+020028033053Unknown Traffic192.168.2.750108104.26.4.30443TCP
      2024-10-25T18:08:35.280681+020028033053Unknown Traffic192.168.2.750110104.26.4.30443TCP
      2024-10-25T18:08:37.207628+020028033053Unknown Traffic192.168.2.750112104.26.4.30443TCP
      2024-10-25T18:08:39.153554+020028033053Unknown Traffic192.168.2.750114104.26.4.30443TCP
      2024-10-25T18:08:41.217867+020028033053Unknown Traffic192.168.2.750116104.26.4.30443TCP
      2024-10-25T18:08:43.172832+020028033053Unknown Traffic192.168.2.750118104.26.4.30443TCP
      2024-10-25T18:08:44.873070+020028033053Unknown Traffic192.168.2.750120104.26.4.30443TCP
      2024-10-25T18:08:46.954397+020028033053Unknown Traffic192.168.2.750122104.26.4.30443TCP
      2024-10-25T18:08:48.959725+020028033053Unknown Traffic192.168.2.750124104.26.4.30443TCP
      2024-10-25T18:08:50.895561+020028033053Unknown Traffic192.168.2.750126104.26.4.30443TCP
      2024-10-25T18:08:52.813417+020028033053Unknown Traffic192.168.2.750128104.26.4.30443TCP
      2024-10-25T18:08:54.809727+020028033053Unknown Traffic192.168.2.750130104.26.4.30443TCP
      2024-10-25T18:08:56.775813+020028033053Unknown Traffic192.168.2.750132104.26.4.30443TCP
      2024-10-25T18:08:58.861481+020028033053Unknown Traffic192.168.2.750134104.26.4.30443TCP
      2024-10-25T18:09:00.963032+020028033053Unknown Traffic192.168.2.750136104.26.4.30443TCP
      2024-10-25T18:09:02.956083+020028033053Unknown Traffic192.168.2.750138104.26.4.30443TCP
      2024-10-25T18:09:04.901813+020028033053Unknown Traffic192.168.2.750140104.26.4.30443TCP
      2024-10-25T18:09:07.009617+020028033053Unknown Traffic192.168.2.750143104.26.4.30443TCP
      2024-10-25T18:09:09.536638+020028033053Unknown Traffic192.168.2.750145104.26.4.30443TCP
      2024-10-25T18:09:11.467475+020028033053Unknown Traffic192.168.2.750147104.26.4.30443TCP
      2024-10-25T18:09:13.192478+020028033053Unknown Traffic192.168.2.750149104.26.4.30443TCP
      2024-10-25T18:09:14.580109+020028033053Unknown Traffic192.168.2.750150104.26.4.30443TCP
      2024-10-25T18:09:16.564972+020028033053Unknown Traffic192.168.2.750152104.26.4.30443TCP
      2024-10-25T18:09:17.951541+020028033053Unknown Traffic192.168.2.750154104.26.4.30443TCP
      2024-10-25T18:09:20.131508+020028033053Unknown Traffic192.168.2.750156104.26.4.30443TCP
      2024-10-25T18:09:22.143448+020028033053Unknown Traffic192.168.2.750158104.26.4.30443TCP
      2024-10-25T18:09:24.192439+020028033053Unknown Traffic192.168.2.750161104.26.4.30443TCP
      2024-10-25T18:09:25.393437+020028033053Unknown Traffic192.168.2.750162104.26.4.30443TCP
      2024-10-25T18:09:26.655903+020028033053Unknown Traffic192.168.2.750164104.26.4.30443TCP
      2024-10-25T18:09:28.752170+020028033053Unknown Traffic192.168.2.750166104.26.4.30443TCP
      2024-10-25T18:09:31.661687+020028033053Unknown Traffic192.168.2.750169104.26.4.30443TCP
      2024-10-25T18:09:33.673749+020028033053Unknown Traffic192.168.2.750171104.26.4.30443TCP
      2024-10-25T18:09:35.379775+020028033053Unknown Traffic192.168.2.750173104.26.4.30443TCP
      2024-10-25T18:09:37.418985+020028033053Unknown Traffic192.168.2.750175104.26.4.30443TCP
      2024-10-25T18:09:39.380473+020028033053Unknown Traffic192.168.2.750177104.26.4.30443TCP
      2024-10-25T18:09:41.036322+020028033053Unknown Traffic192.168.2.750179104.26.4.30443TCP
      2024-10-25T18:09:43.081739+020028033053Unknown Traffic192.168.2.750181104.26.4.30443TCP
      2024-10-25T18:09:45.151411+020028033053Unknown Traffic192.168.2.750183104.26.4.30443TCP
      2024-10-25T18:09:47.128053+020028033053Unknown Traffic192.168.2.750185104.26.4.30443TCP
      2024-10-25T18:09:48.696454+020028033053Unknown Traffic192.168.2.750187104.26.4.30443TCP
      2024-10-25T18:09:50.643904+020028033053Unknown Traffic192.168.2.750189104.26.4.30443TCP
      2024-10-25T18:09:52.651491+020028033053Unknown Traffic192.168.2.750191104.26.4.30443TCP
      2024-10-25T18:09:54.629888+020028033053Unknown Traffic192.168.2.750193104.26.4.30443TCP
      2024-10-25T18:09:56.599380+020028033053Unknown Traffic192.168.2.750195104.26.4.30443TCP
      2024-10-25T18:09:58.916841+020028033053Unknown Traffic192.168.2.750198104.26.4.30443TCP
      2024-10-25T18:10:00.997251+020028033053Unknown Traffic192.168.2.750200104.26.4.30443TCP
      2024-10-25T18:10:02.926289+020028033053Unknown Traffic192.168.2.750202104.26.4.30443TCP
      2024-10-25T18:10:04.651554+020028033053Unknown Traffic192.168.2.750204104.26.4.30443TCP
      2024-10-25T18:10:06.673396+020028033053Unknown Traffic192.168.2.750206104.26.4.30443TCP
      2024-10-25T18:10:09.459745+020028033053Unknown Traffic192.168.2.750208104.26.4.30443TCP
      2024-10-25T18:10:14.078251+020028033053Unknown Traffic192.168.2.750211104.26.4.30443TCP
      2024-10-25T18:10:22.908434+020028033053Unknown Traffic192.168.2.750213104.26.4.30443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-10-25T18:06:30.990548+020028563511A Network Trojan was detected185.234.216.1816666192.168.2.749779TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-10-25T18:06:32.039384+020028558941A Network Trojan was detected192.168.2.749786185.234.216.1816655TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Found malware configuration
      Source: 00000005.00000002.3763888401.0000000003C6C000.00000002.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Atlantida Stealer {"C2 url": "185.234.216.181"}
      Multi AV Scanner detection for submitted file
      Source: cabbage.exeReversingLabs: Detection: 26%
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Machine Learning detection for sample
      Source: cabbage.exeJoe Sandbox ML: detected
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4E720 CryptUnprotectData,5_2_03C4E720
      Source: unknownHTTPS traffic detected: 104.26.5.30:443 -> 192.168.2.7:49699 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 192.168.2.7:49870 -> 104.26.5.30:443 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.5.30:443 -> 192.168.2.7:50052 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50143 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50150 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50161 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50162 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50169 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50198 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50211 version: TLS 1.0
      Source: cabbage.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: RegAsm.exe, 00000005.00000002.3774660174.000000000AAE4000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: ntkrnlmp.pdbx6 source: RegAsm.exe, 00000005.00000002.3774660174.000000000AAE4000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C34390 FindFirstFileA,5_2_03C34390
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C36660 FindFirstFileA,5_2_03C36660
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4EA00 FindFirstFileA,5_2_03C4EA00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4DFC0 FindFirstFileA,FindNextFileA,5_2_03C4DFC0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4E081 FindFirstFileA,5_2_03C4E081
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4EAC7 FindFirstFileA,5_2_03C4EAC7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C36CC0 FindFirstFileA,5_2_03C36CC0
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B18BD
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B0B8D
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then xor ecx, ecx0_2_00007FFAAC8B1421
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B1421
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B1421
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B11A5
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B14F9
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then xor ecx, ecx0_2_00007FFAAC8B0D21
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B2521
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B1265
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B1E85
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B1681
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B1681
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B2281
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B0EA5
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B0EA5
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then xor ecx, ecx0_2_00007FFAAC8B0DDD
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B0DDD
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B15E0
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B260D
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B0A01
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then xor ecx, ecx0_2_00007FFAAC8B0A01
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B0231
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B1B4D
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then xor ecx, ecx0_2_00007FFAAC8B0AE8
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B2331
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B23F1
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 4x nop then dec eax0_2_00007FFAAC8B1039

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2856351 - Severity 1 - ETPRO MALWARE Win32/FakeJami Stealer Geo Info Inbound : 185.234.216.181:6666 -> 192.168.2.7:49779
      Source: Network trafficSuricata IDS: 2855894 - Severity 1 - ETPRO MALWARE Win32/FakeJami Stealer Host Details Exfil : 192.168.2.7:49786 -> 185.234.216.181:6655
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorIPs: 185.234.216.181
      Source: global trafficTCP traffic: 192.168.2.7:49779 -> 185.234.216.181:6666
      Source: global trafficHTTP traffic detected: GET /200/300?random=1 HTTP/1.1Host: picsum.photosConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /200/300?random=2 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=3 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=4 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=5 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=6 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=7 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=8 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=9 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=10 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=11 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=12 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=13 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=14 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=15 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=16 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=17 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=18 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=19 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=20 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=21 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=22 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=23 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=24 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=25 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=26 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=27 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=28 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=29 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=30 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=31 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=32 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=33 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=34 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=35 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=36 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=37 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=38 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=40 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=41 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=42 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=43 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=44 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=45 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=46 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=47 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=48 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=49 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=50 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=51 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=52 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=53 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=54 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=55 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=56 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=57 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=58 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=59 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=60 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=61 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=62 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=63 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=64 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=65 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=66 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=67 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=68 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=69 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=70 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=71 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=72 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=73 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=74 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=75 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=76 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=77 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=78 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=79 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=80 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=81 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=82 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=83 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=84 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=86 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=87 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=88 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=89 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=90 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=91 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=92 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=93 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=94 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=96 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=97 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=98 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=99 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=101 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=102 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=103 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=104 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=105 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=106 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=107 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=108 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=109 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=110 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=111 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=112 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=113 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=114 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=116 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=117 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=118 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=119 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=120 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=121 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=123 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=124 HTTP/1.1Host: picsum.photos
      Source: Joe Sandbox ViewIP Address: 104.26.5.30 104.26.5.30
      Source: Joe Sandbox ViewIP Address: 104.26.4.30 104.26.4.30
      Source: Joe Sandbox ViewASN Name: SPRINT-SDCPL SPRINT-SDCPL
      Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49707 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49780 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49704 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49738 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49748 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49715 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49805 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49762 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49793 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49899 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49914 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49723 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49886 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50008 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49870 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49846 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49834 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49821 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49926 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50040 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50052 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50020 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50078 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49954 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50034 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49858 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49995 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50068 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50074 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50058 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50076 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49941 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50072 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50070 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50120 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50086 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50092 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50030 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50134 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50110 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50050 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50114 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50100 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50102 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50056 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50124 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50164 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50175 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50062 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50130 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50042 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50082 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50177 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50080 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50036 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50169 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50112 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50149 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50128 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50084 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50122 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50032 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50204 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50136 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50116 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50211 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50038 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50143 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50208 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50096 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50166 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50054 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50206 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50118 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50173 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50191 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50088 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50195 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50104 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50132 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50145 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50140 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50193 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50060 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50179 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50138 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50126 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50046 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50154 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49966 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50044 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50213 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50158 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50048 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50181 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50161 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50183 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49983 -> 104.26.5.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50066 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50162 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50108 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50094 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50198 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50171 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50185 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50090 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50098 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50202 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50187 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50152 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50156 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50150 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50200 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50064 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50106 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50147 -> 104.26.4.30:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:50189 -> 104.26.4.30:443
      Source: unknownHTTPS traffic detected: 104.26.5.30:443 -> 192.168.2.7:49699 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 192.168.2.7:49870 -> 104.26.5.30:443 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.5.30:443 -> 192.168.2.7:50052 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50143 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50150 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50161 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50162 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50169 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50198 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.26.4.30:443 -> 192.168.2.7:50211 version: TLS 1.0
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: unknownTCP traffic detected without corresponding DNS query: 185.234.216.181
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C36450 send,socket,connect,recv,5_2_03C36450
      Source: global trafficHTTP traffic detected: GET /200/300?random=1 HTTP/1.1Host: picsum.photosConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /200/300?random=2 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=3 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=4 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=5 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=6 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=7 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=8 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=9 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=10 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=11 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=12 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=13 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=14 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=15 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=16 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=17 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=18 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=19 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=20 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=21 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=22 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=23 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=24 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=25 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=26 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=27 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=28 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=29 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=30 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=31 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=32 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=33 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=34 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=35 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=36 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=37 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=38 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=40 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=41 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=42 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=43 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=44 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=45 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=46 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=47 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=48 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=49 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=50 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=51 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=52 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=53 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=54 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=55 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=56 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=57 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=58 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=59 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=60 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=61 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=62 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=63 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=64 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=65 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=66 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=67 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=68 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=69 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=70 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=71 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=72 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=73 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=74 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=75 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=76 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=77 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=78 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=79 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=80 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=81 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=82 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=83 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=84 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=86 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=87 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=88 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=89 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=90 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=91 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=92 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=93 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=94 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=96 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=97 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=98 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=99 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=101 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=102 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=103 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=104 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=105 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=106 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=107 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=108 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=109 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=110 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=111 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=112 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=113 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=114 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=116 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=117 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=118 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=119 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=120 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=121 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=123 HTTP/1.1Host: picsum.photos
      Source: global trafficHTTP traffic detected: GET /200/300?random=124 HTTP/1.1Host: picsum.photos
      Source: global trafficDNS traffic detected: DNS query: picsum.photos
      Source: global trafficDNS traffic detected: DNS query: fastly.picsum.photos
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418E6A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B55000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dualstack.n.sni.global.fastly.net
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418E6A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B55000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fastly.picsum.photos
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B7B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4189F1000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A85000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://picsum.photos
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418E6A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B55000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4182EB000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/1000/200/300.jpg?hmac=fTFlkBSHCXIXMoNE-1_EshZ91TrzHgY8YhIzYDRwH2c
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/1028/200/300.jpg?hmac=Ka86H0yLDb-Ft8SNNKSVTSFylu-GfaEGBrS2AP01ZSM
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/1029/200/300.jpg?hmac=VpePgDBTGFZYhRTeOD9o6nCvZB_01SrIHCMMkoZal_A
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4183A3000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41893E000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/1040/200/300.jpg?hmac=Q4ntfv8HG_O9dfwjINSmS4oQUot0YUwT_6bezgKA3Jw
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184EE000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4183C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/108/200/300.jpg?hmac=66ukSMLRNm61ayt092vMAdSgvIRE5opr1Dj3kxCkC2c
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/119/200/300.jpg?hmac=1NqHBHR5JDtc_FgBO6wYZJYAWBRIPfgNbRoiqVQ5m-k
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/130/200/300.jpg?hmac=ax-dkx2e5CJww9f5IfH-mUHr_9eNBKUNGHcA46-0oB0
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/136/200/300.jpg?hmac=vOFG2QkF3OUbTp5DRbf7w58YCDVrvf_g5aPFxxTucpU
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/144/200/300.jpg?hmac=Ht6BBpdvDQfimGaAl_1BbAm3Fj5fHtMwP5C6xpsUL10
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/15/200/300.jpg?hmac=lozQletmrLG9PGBV1hTM1PnmvHxKEU0lAZWu8F2oL30
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184D5000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/152/200/300.jpg?hmac=eCdUqkEQWPiigXtrPPzcwO9QeKYgOrV_YWW0LoFkuyk
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/165/200/300.jpg?hmac=4P65Mkd3rtbFIw6TRq5Wc_c9_bOP2SClOjjOFZgbEPg
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/171/200/300.jpg?hmac=NHia9vzbBwrKnBFwp7cDZPSxFcVF_VGbnFO5LAjWnuE
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/180/200/300.jpg?hmac=EC8Kweq0GgryGedfHPQFsFTXsZ8NgHaYU5ZnhoGkPLA
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4184D9000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B55000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/191/200/300.jpg?hmac=CHbfFOcICYpJ4GXstpLztK5ds_l5NYOdgHORuCEIY_g
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/196/200/300.jpg?hmac=lnuMbzY_IHjTjCeY77BE28VPk68gKVhse1nRP04R_Js
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/215/200/300.jpg?hmac=Nt1epjkKo-29FLbrKGINDjceT_uNiqOG_pah7r52Wss
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4184EE000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41893E000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41839D000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/217/200/300.jpg?hmac=3GPQ-pPnL4D8miCKA0qNqIg4zr5Ponvl9OVH83CeGuc
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/237/200/300.jpg?hmac=TmmQSbShHz9CdQm0NkEjx1Dyh_Y984R9LpNrpvH2D_U
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/242/200/300.jpg?hmac=_v7qaiV_fwDB3NP9lpirq7rMvS10u8lHjqMYNmmXya4
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/260/200/300.jpg?hmac=_VpBxDn0zencTyMnssCV14LkW80zG7vw2rw7WCQ2uVo
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/272/200/300.jpg?hmac=QjLWH4UZZJnyhE7WasPSxZtf4bnA8f4bsbtK2R4m3Ws
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41870F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/279/200/300.jpg?hmac=fYDbVmnm7vDGt7SA51v-qMUKHIn7HKCp5v9d8Wx_SVM
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/28/200/300.jpg?hmac=PtGtIbRuuZW5gEPGm0h1Y-koEaki3vffOYcq3TdSAlA
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41870B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/284/200/300.jpg?hmac=fvS2Lhb3_MeGZNH-d1zR5710oX4Z8XcKYbFeM3p-B6k
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/29/200/300.jpg?hmac=LrtD-VNd4eRyyMbqI05Mpy4EQNgTdZkSEt5ULyXx4lw
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/290/200/300.jpg?hmac=kjRyFwJ6i5kuROjzxcs6QbXbBr8EptbH5AuVxtMxhQ0
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/306/200/300.jpg?hmac=T-FQeWIc7YbLbcYdpyDGypNif0btJ8n5P4ozBJx8WgE
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/31/200/300.jpg?hmac=zQA1_1D1pCB2sbB4Hx3gK8ih9-IPgNID_e_8pK0QsiA
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/315/200/300.jpg?hmac=C67WPcnxkaV_SPowHi-8nl3yoODZSBZqnoOdBObP5Ys
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418391000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/32/200/300.jpg?hmac=rNLw7Y7-RK2isGxXfSq90mzxSpKSXsRuOkvkGdEGK9c
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41870B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/337/200/300.jpg?hmac=0CnfGB9OuB4D8IneXqgjPMaGgLSHBKRjSkl_ITBmDxQ
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/34/200/300.jpg?hmac=K076uH4zC5xneqvhRayjS90G00xjPsR7eL_ShGEr6rs
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/343/200/300.jpg?hmac=_7ttvLezG-XONDvp0ILwQCv50ivQa_oewm7m6xV2uZA
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/360/200/300.jpg?hmac=Fl1CgUfxrFjmcS1trYDG80XpEjYixcXfc2uTtCxFkDw
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184A5000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/367/200/300.jpg?hmac=9v6fvZlygxFPleXOePw645QmRd9ytp91VGVQaolJKIk
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/37/200/300.jpg?hmac=H-M0-zyAOZnQIHrggRUcDCS_roK8MHKI1OtEgZA72yk
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41837D000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/370/200/300.jpg?hmac=7gPWuhI1_LDcGkEssyW-1sPKu9NVl1KUoOs0nH7KXno
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4183C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/374/200/300.jpg?hmac=O7_6jZztETgk8S2eFcdlCNlqe50qS5u-OW5hs-EoNMo
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4183AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/382/200/300.jpg?hmac=ql7Jj1WJu3zhhAn2p18Oxdn-JE1qZBR-lDF-MOVXCUA
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/383/200/300.jpg?hmac=sP8wzjNbIJGIPQg-3A86o43HsTopJPnwV73iSCwH9cw
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4183AF000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/390/200/300.jpg?hmac=m2OBPNcWKpibmpjeOD_5Bnl5rx-6WjYtzfGnleMgyhU
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/395/200/300.jpg?hmac=qBCH-WGDS8eV52Y-LKSyEUXBavhsZrpi_XhOFFPMXaU
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/4/200/300.jpg?hmac=y6_DgDO4ccUuOHUJcEWirdjxlpPwMcEZo7fz1MpuaWg
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/402/200/300.jpg?hmac=JmZsqnQgJgxs4tbKwb8Tdu3r-B0tEGN7nrKEb1jBB0Y
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/404/200/300.jpg?hmac=1i6ra6DJN9kJ9AQVfSf3VD1w08FkegBgXuz9lNDk1OM
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4183AF000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/406/200/300.jpg?hmac=hL72xK7v5nIaSK6F5XcGWjvxXslx72ZNRshXUAci5Bc
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4183AF000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/409/200/300.jpg?hmac=DMEn4qNc0DsvxlQ4NSDPOesRyq8VhhGEi6IXy2DblLk
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4182EB000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/432/200/300.jpg?hmac=S0muAtaN6T0PXbBlf5O-UL0chTPM6i9FReOIs0IJlDU
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/465/200/300.jpg?hmac=GloUvp2VmlLW7pBsz3VDy5QNZizjay1SWjEmqisahZs
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/473/200/300.jpg?hmac=WYG6etF60iOJeGoFVY1hVDMakbBRS32ZDGNkVZhF6-8
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4183C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/474/200/300.jpg?hmac=ujW-ONkfEKNYQaIt8c6e2WaF1LWjpave8A5pHryyQs0
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41870F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/480/200/300.jpg?hmac=-NCJbhpqFCFd17uR0DXt17Ccp5H073pZLLaStM6erZg
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41870F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/487/200/300.jpg?hmac=jDYxTxKFMi18Gu5h9qt9ttwJKCk1-J6bZeHDtXGL2Vk
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41870F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/509/200/300.jpg?hmac=Y2Mtq5PEipyaFNlDH01CoNhW9to1T8GCuTf6yUSH-TY
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418399000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41893E000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/51/200/300.jpg?hmac=w7933XDRbSqrql6BuyEfFBOeVsO60iU5N_OS5FbO6wQ
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/520/200/300.jpg?hmac=wYOWhYQGp5efB1HNroao-yTysVtEt5osptkdHJIsc0g
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184CD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/529/200/300.jpg?hmac=WqdWbOIAJ1H2q4r92Fc4KXM--xvRadidXmV5P2R1rDg
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/543/200/300.jpg?hmac=JHbKAeHI7u3kPoNG9pE9vFnF8ozQabbnwrDwHxdcqv4
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/546/200/300.jpg?hmac=WRVm_tMObPuM2HqJCr5D6N59Mboh73aqEno4MCuu5AE
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4183AF000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/551/200/300.jpg?hmac=pXJCWIikY_BiqwhtawBb8x1jxclDny0522ZprZVTJiU
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/557/200/300.jpg?hmac=eC86bsSOhqQjoHHnj3yzH5wMTIY9S3ys6cQjU1_QLGc
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4182EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/570/200/300.jpg?hmac=fMlqjNmBSgN75P_tCU-PVSGzRYQxU23Xqd593HxZSZQ
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/574/200/300.jpg?hmac=8A2sOGZU1xgRXI46snJ80xNY3Yx-KcLVsBG-wRchwFg
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/591/200/300.jpg?hmac=GBnqheK8f8NgGoZ-JQIGl0uYMejcmT4gvw4PsBmUWPY
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/666/200/300.jpg?hmac=FfmCCw-UuMgMhTLigoNVx2auMxtw-EtixqVwwxaefq0
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184EE000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4183C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/691/200/300.jpg?hmac=1nouilaOHm3p-SqXPrCLcCcFEtJ60GlDAwkLAHq4x-c
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/698/200/300.jpg?hmac=2Z_fr-yUH1ByQu36MAR319aTCndT4FjG1VBksAKGVKU
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418375000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/723/200/300.jpg?hmac=EtJwe3DxhZ1GDiNghxWaO92pvcPcjg02wJzc7Qj7Lr0
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/739/200/300.jpg?hmac=xApsFbHx511SUVG612QiltrATotVTYu3Q4wfvGyYC1g
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/739/200/300.jpg?hmac=xApsFbHx511SUVG612QiltrATotVTYu3Q4wfvGyYC1g_Y
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41870F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/757/200/300.jpg?hmac=su32mJgKVc94YgSiaPE3SzaIM11AtqJgoGffpSTQUOE
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/76/200/300.jpg?hmac=SWpe2KMM2qFiQ8C8WHIZilaJb7KVkgOVVJPTbasGyUU
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4183C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/780/200/300.jpg?hmac=Zmxf0t2fpCbfZrR5NAXA_IKAP_8P6fYe9P440jUTWag
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/793/200/300.jpg?hmac=MOZTy7CEiCptTmTIOiss-6dGsFhhfJPMTKyTgyR12hw
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/810/200/300.jpg?hmac=HgwlXd-OaLOAqhGyCiZDUb_75EgUI4u0GtS7nfgxd8s
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/810/200/300.jpg?hmac=HgwlXd-OaLOAqhGyCiZDUb_75EgUI4u0GtS7nfgxd8sx
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4184E2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/815/200/300.jpg?hmac=Vd0SL31jtPA-FMvY___e5hp84IGLTUjtVJY4qUL6hOs
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/816/200/300.jpg?hmac=4O5XSGjimzcjZYOXpVb_--v3rGzmS-3chmG2L1MS-mc
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/822/200/300.jpg?hmac=L4-fkLPiZOUXQokdDk0s2gcjb6w_zq1DGU7WybDqrj0
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418379000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/83/200/300.jpg?hmac=avqtE9ZSAkPbFtYCXzxg4TeAA-fMWqX6jUQeWI_HjLc
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/834/200/300.jpg?hmac=9hu4aro5r8PEFwzVlhizygx4urxyeGGjgyMRXUgKOsE
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/837/200/300.jpg?hmac=Gt-0oRZYfIeEmweMdDSOJI6o3pk0tZitt5LO1KsbLC4
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/851/200/300.jpg?hmac=AD_d7PsSrqI2zi-ubHY_-urUxCN77Gnev3k5o0P6nlE
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/857/200/300.jpg?hmac=kFf6koUaHH4bIVWuoXIIsmZJQM_9Ew5l4AOeLL2UoG8
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/878/200/300.jpg?hmac=nSy0W5kdisSxfmRdWV95EFyG0HgfqQzD9D2IkWG76ho
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418521000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/880/200/300.jpg?hmac=dShSJOHRB--zjrqofJOm33xe4Cylybn00N77ewnaS2g
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4183AF000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/893/200/300.jpg?hmac=7jsxm2l6ji-5CBnfrJO7IqDUekLtP4PvA7taLcRW2NI
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/905/200/300.jpg?hmac=uLUlIwyKcu9AtTY3uOL04O0gbesMVu-yNVRvCsF1xD8
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/905/200/300.jpg?hmac=uLUlIwyKcu9AtTY3uOL04O0gbesMVu-yNVRvCsF1xD8n
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418E6A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41893C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4184C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/906/200/300.jpg?hmac=7sarKOMVDlgOBTc6eUDUf0M4S-M-4jF0X0uix_sMALU
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/911/200/300.jpg?hmac=WJrS4QZru3pp2Z3K9wqapHxHCNFU-XPF2tY7gviRMoQ
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41836D000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/92/200/300.jpg?hmac=9Eq_kpOk-5TZ2YHExdgGL_iYGHpJNmvUogSdSuZzGYE
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4184A9000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/938/200/300.jpg?hmac=MVXKrDXBUPK5fv_Ev3FTdCFeYf9rvJE2Tz9xynjeelM
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/965/200/300.jpg?hmac=16gh0rrQrvUF3RJa52nRdq8hylkBd-pL4Ff9kqsNRDQ
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/988/200/300.jpg?hmac=t-oW7bwXaruDMMMz6vIk1GO5lfOolflGxHfJfheVvc8
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B7B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41838D000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/99/200/300.jpg?hmac=Hnlwbe_FdfH-64B_lvRcwVnK7KViI5YgtT8AQRfkFwY
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/991/200/300.jpg?hmac=BdTxfK2wHhsGppraQzb5puxPKb5mPVzDaZPz8IiC44Q
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fastly.picsum.photos/id/996/200/300.jpg?hmac=vjpTROwvLRamauR7RHTF21dxsN351pnM44SxoByue5c
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B7B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4189F1000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A85000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=1
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=101
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=102
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=103
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=104
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=105
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=106
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=107
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=108
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4189F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=109
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4189F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=109X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=110
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=110X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=111
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=111X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=112
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=112X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=113
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=113X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=114
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418B7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=114X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=115
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=115X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418C0D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=116
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=116X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=117
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=117X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=118
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=118X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=119
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=119X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=120
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=120X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=121
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=121X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=122
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=122X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=123
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=123X
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=16
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=17
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4184EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=18
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=19
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D4182EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=2
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=20
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=21
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=22
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=23
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=24
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=255A
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=26
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=27
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=28g?hm
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=29
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=30
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=31
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=32
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=33
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=34
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=35
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=36
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=37
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=38
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=40
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=41
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=42
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=43h
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=44
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=45
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=46
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=47
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=48
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=49
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=50
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=51
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=52
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=53
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=54
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=55
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=56
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=57
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=58
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=59
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=60
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=61
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=62
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=63
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=64
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=65
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=66
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=67
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=68
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=69(8
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=70
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=71
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=72
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=73
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=74
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=75
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=76
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=77
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=78
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=79
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=80
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=81
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=82
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=83
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=84
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=86
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=87
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=88
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=89
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=90
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=91
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=92
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=93
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=94
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=96
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=97
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=98
      Source: cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://picsum.photos/200/300?random=99
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
      Source: RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
      Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50177
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
      Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50181
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50183
      Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50211 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50177 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
      Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50064
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50185
      Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50187
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50189
      Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50183 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50191
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50193
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50195
      Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 50204 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50120 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50195 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50197
      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
      Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50198
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50108 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
      Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
      Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
      Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50092
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50094
      Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 50210 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50138
      Source: unknownNetwork traffic detected: HTTP traffic on port 50193 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
      Source: unknownNetwork traffic detected: HTTP traffic on port 50187 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50134
      Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50136
      Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50143
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
      Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50150
      Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
      Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 50166 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50152
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50156
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
      Source: unknownNetwork traffic detected: HTTP traffic on port 50208 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50158
      Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50160
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50162
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50161
      Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50104 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
      Source: unknownNetwork traffic detected: HTTP traffic on port 50171 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50164
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50166
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
      Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50132 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
      Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
      Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50210
      Source: unknownNetwork traffic detected: HTTP traffic on port 50202 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50211
      Source: unknownNetwork traffic detected: HTTP traffic on port 50094 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50213
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50106
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50108
      Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50100
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50104
      Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50128 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50197 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
      Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50112
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50213 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50128
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
      Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
      Source: unknownNetwork traffic detected: HTTP traffic on port 50150 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50181 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
      Source: unknownNetwork traffic detected: HTTP traffic on port 50164 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50206 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50106 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50064 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 50086 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50191 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50092 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50200 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50179 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
      Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50204
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50206
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50208
      Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50200
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50202
      Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 00000000.00000002.3783711899.000001D428ABA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
      Source: 00000005.00000002.3758733093.0000000001100000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
      PE file contains section with special chars
      Source: cabbage.exeStatic PE information: section name: .D]7
      Source: cabbage.exeStatic PE information: section name: .7&|
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7206B00_2_00007FFAAC7206B0
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72CF5D0_2_00007FFAAC72CF5D
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72971D0_2_00007FFAAC72971D
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72A4B00_2_00007FFAAC72A4B0
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72ED710_2_00007FFAAC72ED71
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72DCC00_2_00007FFAAC72DCC0
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72F4CF0_2_00007FFAAC72F4CF
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7220D30_2_00007FFAAC7220D3
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7308E00_2_00007FFAAC7308E0
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72FCEB0_2_00007FFAAC72FCEB
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72F9030_2_00007FFAAC72F903
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72FA800_2_00007FFAAC72FA80
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7311D00_2_00007FFAAC7311D0
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7265D30_2_00007FFAAC7265D3
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7325F00_2_00007FFAAC7325F0
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7245FB0_2_00007FFAAC7245FB
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72FE010_2_00007FFAAC72FE01
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72C2200_2_00007FFAAC72C220
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72A4280_2_00007FFAAC72A428
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72F3710_2_00007FFAAC72F371
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC722B280_2_00007FFAAC722B28
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC725FA50_2_00007FFAAC725FA5
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72F7A20_2_00007FFAAC72F7A2
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7277AD0_2_00007FFAAC7277AD
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72FBB10_2_00007FFAAC72FBB1
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC723EE50_2_00007FFAAC723EE5
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC723AED0_2_00007FFAAC723AED
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7292FA0_2_00007FFAAC7292FA
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7267250_2_00007FFAAC726725
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72FF220_2_00007FFAAC72FF22
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72F7330_2_00007FFAAC72F733
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72ECA50_2_00007FFAAC72ECA5
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72C8AF0_2_00007FFAAC72C8AF
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7273ED0_2_00007FFAAC7273ED
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7228070_2_00007FFAAC722807
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72A4300_2_00007FFAAC72A430
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC8202CB0_2_00007FFAAC8202CB
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC8206050_2_00007FFAAC820605
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC820C810_2_00007FFAAC820C81
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC82000B0_2_00007FFAAC82000B
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC90A5640_2_00007FFAAC90A564
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC90298E0_2_00007FFAAC90298E
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC90198B0_2_00007FFAAC90198B
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC9093880_2_00007FFAAC909388
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC9020F80_2_00007FFAAC9020F8
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC90F8C80_2_00007FFAAC90F8C8
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC9007240_2_00007FFAAC900724
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC90304B0_2_00007FFAAC90304B
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC900E8B0_2_00007FFAAC900E8B
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC907E800_2_00007FFAAC907E80
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC9068AF0_2_00007FFAAC9068AF
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC90868B0_2_00007FFAAC90868B
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC9027DB0_2_00007FFAAC9027DB
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC904FFB0_2_00007FFAAC904FFB
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC907C380_2_00007FFAAC907C38
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC90BE010_2_00007FFAAC90BE01
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBF178B0_2_00007FFAACBF178B
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBF15A80_2_00007FFAACBF15A8
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBE8F490_2_00007FFAACBE8F49
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBE23480_2_00007FFAACBE2348
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBE73450_2_00007FFAACBE7345
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBEA5070_2_00007FFAACBEA507
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBE25120_2_00007FFAACBE2512
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBEB7100_2_00007FFAACBEB710
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBF28DC0_2_00007FFAACBF28DC
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBE48F80_2_00007FFAACBE48F8
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBF02A50_2_00007FFAACBF02A5
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBE44500_2_00007FFAACBE4450
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBECA700_2_00007FFAACBECA70
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBF0C0F0_2_00007FFAACBF0C0F
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBE060D0_2_00007FFAACBE060D
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBEBC1D0_2_00007FFAACBEBC1D
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAACBEC1F80_2_00007FFAACBEC1F8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C412F05_2_03C412F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C3F0005_2_03C3F000
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C420005_2_03C42000
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C3202B5_2_03C3202B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C347AE5_2_03C347AE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C525F05_2_03C525F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C375BD5_2_03C375BD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C502705_2_03C50270
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C520405_2_03C52040
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C6806C5_2_03C6806C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4C4E05_2_03C4C4E0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C63A725_2_03C63A72
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C639525_2_03C63952
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C519205_2_03C51920
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C41FC35_2_03C41FC3
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C51F105_2_03C51F10
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C68D705_2_03C68D70
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C5AC755_2_03C5AC75
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C59C005_2_03C59C00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C57C345_2_03C57C34
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03F9ABA35_2_03F9ABA3
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03F9A3615_2_03F9A361
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_042E34905_2_042E3490
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_04125CDB5_2_04125CDB
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0413AD5D5_2_0413AD5D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_040D8D625_2_040D8D62
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0400ADCA5_2_0400ADCA
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_041D2E5A5_2_041D2E5A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03F9D1AD5_2_03F9D1AD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03FA10AE5_2_03FA10AE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03F9F8505_2_03F9F850
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_042AF7CA5_2_042AF7CA
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0414F0315_2_0414F031
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0402B8485_2_0402B848
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0427206D5_2_0427206D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_040FC8795_2_040FC879
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0403A1D15_2_0403A1D1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0402121A5_2_0402121A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_041CFA715_2_041CFA71
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_040492985_2_04049298
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0427CAE75_2_0427CAE7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_040EEAFF5_2_040EEAFF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_040483265_2_04048326
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_04125B6A5_2_04125B6A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_0409A3DC5_2_0409A3DC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 03C53DA0 appears 34 times
      Source: cabbage.exeStatic PE information: No import functions for PE file found
      Source: cabbage.exe, 00000000.00000000.1293424642.000001D416276000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMath.exe2 vs cabbage.exe
      Source: cabbage.exeBinary or memory string: OriginalFilenameMath.exe2 vs cabbage.exe
      Source: 00000000.00000002.3783711899.000001D428ABA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
      Source: 00000005.00000002.3758733093.0000000001100000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/1@7/3
      Source: C:\Users\user\Desktop\cabbage.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7688:120:WilError_03
      Source: cabbage.exeStatic file information: TRID: Win64 Executable Console Net Framework (206006/5) 48.35%
      Source: C:\Users\user\Desktop\cabbage.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: cabbage.exeReversingLabs: Detection: 26%
      Source: unknownProcess created: C:\Users\user\Desktop\cabbage.exe "C:\Users\user\Desktop\cabbage.exe"
      Source: C:\Users\user\Desktop\cabbage.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\cabbage.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
      Source: C:\Users\user\Desktop\cabbage.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exeJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: dwrite.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rstrtmgr.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: cabbage.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: cabbage.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
      Source: cabbage.exeStatic PE information: Image base 0x140000000 > 0x60000000
      Source: cabbage.exeStatic file information: File size 15276544 > 1048576
      Source: cabbage.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x6eba00
      Source: cabbage.exeStatic PE information: Raw size of .D]7 is bigger than: 0x100000 < 0x55ec00
      Source: cabbage.exeStatic PE information: Raw size of .7&| is bigger than: 0x100000 < 0x246a00
      Source: cabbage.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: RegAsm.exe, 00000005.00000002.3774660174.000000000AAE4000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: ntkrnlmp.pdbx6 source: RegAsm.exe, 00000005.00000002.3774660174.000000000AAE4000.00000004.00000020.00020000.00000000.sdmp
      Source: cabbage.exeStatic PE information: 0x89D0414A [Wed Apr 8 17:26:34 2043 UTC]
      Source: cabbage.exeStatic PE information: section name: .D]7
      Source: cabbage.exeStatic PE information: section name: .7&|
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC727563 push ebx; iretd 0_2_00007FFAAC72756A
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC727967 push ebx; retf 0_2_00007FFAAC72796A
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC7200BD pushad ; iretd 0_2_00007FFAAC7200C1
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC72D5BA pushfd ; ret 0_2_00007FFAAC72D5BB
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC903EF7 push edx; ret 0_2_00007FFAAC903F16
      Source: C:\Users\user\Desktop\cabbage.exeCode function: 0_2_00007FFAAC9092FC push ds; iretd 0_2_00007FFAAC9092FD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03FA1221 push es; retf 5_2_03FA121E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03FA10AE push es; retf 5_2_03FA121E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03F9E82A push ss; ret 5_2_03F9E82E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03F9F7FB push cs; retf 5_2_03F9F807
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03F9DFFE push dword ptr [edx-75FE5744h]; retf 5_2_03F9E00E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_04054843 push ecx; ret 5_2_0405485B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03F9FCE7 push dword ptr [ebx]; retf 5_2_03F9FCF6
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Switches to a custom stack to bypass stack traces
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI/Special instruction interceptor: Address: 40B61E8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI/Special instruction interceptor: Address: 3FB7F06
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI/Special instruction interceptor: Address: 3FF5C07
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI/Special instruction interceptor: Address: 408BB32
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI/Special instruction interceptor: Address: 42B0EB8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI/Special instruction interceptor: Address: 4197B0B
      Source: C:\Users\user\Desktop\cabbage.exeMemory allocated: 1D417D60000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeMemory allocated: 1D430060000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeWindow / User API: threadDelayed 5451Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeWindow / User API: threadDelayed 4065Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -17524406870024063s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -100000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -99828s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -99656s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -99460s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -99306s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -99186s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -99060s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98953s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98841s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98726s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98623s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98515s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98403s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98297s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -99093s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98109s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -98656s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -99156s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exe TID: 7860Thread sleep time: -97640s >= -30000sJump to behavior
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C34390 FindFirstFileA,5_2_03C34390
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C36660 FindFirstFileA,5_2_03C36660
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4EA00 FindFirstFileA,5_2_03C4EA00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4DFC0 FindFirstFileA,FindNextFileA,5_2_03C4DFC0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4E081 FindFirstFileA,5_2_03C4E081
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C4EAC7 FindFirstFileA,5_2_03C4EAC7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C36CC0 FindFirstFileA,5_2_03C36CC0
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 100000Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 99828Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 99656Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 99460Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 99306Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 99186Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 99060Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98953Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98841Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98726Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98623Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98515Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98403Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98297Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 99093Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98109Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 98656Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 99156Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeThread delayed: delay time: 97640Jump to behavior
      Source: RegAsm.exe, 00000005.00000002.3762761287.0000000001C5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: cabbage.exeBinary or memory string: HGfsy
      Source: cabbage.exe, 00000000.00000002.3801367437.000001D430782000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.3762761287.0000000001C93000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C5D8AD mov eax, dword ptr fs:[00000030h]5_2_03C5D8AD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C60FFB mov eax, dword ptr fs:[00000030h]5_2_03C60FFB
      Source: C:\Users\user\Desktop\cabbage.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Creates a thread in another existing process (thread injection)
      Source: C:\Users\user\Desktop\cabbage.exeThread created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe EIP: 1100000Jump to behavior
      Writes to foreign memory regions
      Source: C:\Users\user\Desktop\cabbage.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1100000Jump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 5_2_03C53DE8 cpuid 5_2_03C53DE8
      Source: C:\Users\user\Desktop\cabbage.exeQueries volume information: C:\Users\user\Desktop\cabbage.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\cabbage.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected Atlantida Stealer
      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7992, type: MEMORYSTR
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
      Tries to harvest and steal ftp login credentials
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
      Tries to steal Crypto Currency Wallets
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Local Storage\leveldb\Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7992, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected Atlantida Stealer
      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7992, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      DLL Side-Loading      		211
      Process Injection      		1
      Disable or Modify Tools      		2
      OS Credential Dumping      		11
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		21
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      DLL Side-Loading      		31
      Virtualization/Sandbox Evasion      		LSASS Memory31
      Virtualization/Sandbox Evasion      		Remote Desktop Protocol3
      Data from Local System      		1
      Non-Standard Port      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)211
      Process Injection      		Security Account Manager1
      Application Window Discovery      		SMB/Windows Admin SharesData from Network Shared Drive2
      Ingress Tool Transfer      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Deobfuscate/Decode Files or Information      		NTDS1
      File and Directory Discovery      		Distributed Component Object ModelInput Capture2
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
      Obfuscated Files or Information      		LSA Secrets122
      System Information Discovery      		SSHKeylogging13
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      Timestomp      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
      DLL Side-Loading      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      cabbage.exe26%ReversingLabs
      cabbage.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
      https://duckduckgo.com/ac/?q=0%URL Reputationsafe
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
      https://www.ecosia.org/newtab/0%URL Reputationsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      picsum.photos
      		104.26.5.30
      		truefalse
        		unknown
        fastly.picsum.photos
        		unknown
        		unknowntrue
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://picsum.photos/200/300?random=118false
            		unknown
            https://picsum.photos/200/300?random=117false
              		unknown
              https://picsum.photos/200/300?random=116false
                		unknown
                https://picsum.photos/200/300?random=114false
                  		unknown
                  https://picsum.photos/200/300?random=113false
                    		unknown
                    https://picsum.photos/200/300?random=112false
                      		unknown
                      https://picsum.photos/200/300?random=111false
                        		unknown
                        https://picsum.photos/200/300?random=20false
                          		unknown
                          https://picsum.photos/200/300?random=119false
                            		unknown
                            https://picsum.photos/200/300?random=13false
                              		unknown
                              https://picsum.photos/200/300?random=12false
                                		unknown
                                https://picsum.photos/200/300?random=11false
                                  		unknown
                                  https://picsum.photos/200/300?random=10false
                                    		unknown
                                    https://picsum.photos/200/300?random=17false
                                      		unknown
                                      https://picsum.photos/200/300?random=16false
                                        		unknown
                                        https://picsum.photos/200/300?random=15false
                                          		unknown
                                          https://picsum.photos/200/300?random=14false
                                            		unknown
                                            https://picsum.photos/200/300?random=110false
                                              		unknown
                                              https://picsum.photos/200/300?random=19false
                                                		unknown
                                                https://picsum.photos/200/300?random=18false
                                                  		unknown
                                                  https://picsum.photos/200/300?random=124false
                                                    		unknown
                                                    https://picsum.photos/200/300?random=123false
                                                      		unknown
                                                      https://picsum.photos/200/300?random=31false
                                                        		unknown
                                                        https://picsum.photos/200/300?random=30false
                                                          		unknown
                                                          https://picsum.photos/200/300?random=24false
                                                            		unknown
                                                            https://picsum.photos/200/300?random=23false
                                                              		unknown
                                                              https://picsum.photos/200/300?random=22false
                                                                		unknown
                                                                https://picsum.photos/200/300?random=21false
                                                                  		unknown
                                                                  https://picsum.photos/200/300?random=28false
                                                                    		unknown
                                                                    https://picsum.photos/200/300?random=27false
                                                                      		unknown
                                                                      https://picsum.photos/200/300?random=26false
                                                                        		unknown
                                                                        https://picsum.photos/200/300?random=25false
                                                                          		unknown
                                                                          https://picsum.photos/200/300?random=121false
                                                                            		unknown
                                                                            https://picsum.photos/200/300?random=120false
                                                                              		unknown
                                                                              https://picsum.photos/200/300?random=29false
                                                                                		unknown
                                                                                https://picsum.photos/200/300?random=60false
                                                                                  		unknown
                                                                                  https://picsum.photos/200/300?random=64false
                                                                                    		unknown
                                                                                    https://picsum.photos/200/300?random=63false
                                                                                      		unknown
                                                                                      https://picsum.photos/200/300?random=62false
                                                                                        		unknown
                                                                                        https://picsum.photos/200/300?random=61false
                                                                                          		unknown
                                                                                          https://picsum.photos/200/300?random=57false
                                                                                            		unknown
                                                                                            https://picsum.photos/200/300?random=56false
                                                                                              		unknown
                                                                                              https://picsum.photos/200/300?random=55false
                                                                                                		unknown
                                                                                                https://picsum.photos/200/300?random=54false
                                                                                                  		unknown
                                                                                                  https://picsum.photos/200/300?random=59false
                                                                                                    		unknown
                                                                                                    https://picsum.photos/200/300?random=58false
                                                                                                      		unknown

                                                                                                      URLs from Memory and Binaries

                                                                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                                                                      https://duckduckgo.com/chrome_newtabRegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://picsum.photos/200/300?random=115cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://duckduckgo.com/ac/?q=RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://fastly.picsum.photos/id/367/200/300.jpg?hmac=9v6fvZlygxFPleXOePw645QmRd9ytp91VGVQaolJKIkcabbage.exe, 00000000.00000002.3763970731.000001D4184A5000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://fastly.picsum.photos/id/51/200/300.jpg?hmac=w7933XDRbSqrql6BuyEfFBOeVsO60iU5N_OS5FbO6wQcabbage.exe, 00000000.00000002.3763970731.000001D418399000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41893E000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://fastly.picsum.photos/id/108/200/300.jpg?hmac=66ukSMLRNm61ayt092vMAdSgvIRE5opr1Dj3kxCkC2ccabbage.exe, 00000000.00000002.3763970731.000001D4184EE000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4183C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://picsum.photos/200/300?random=115Xcabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://fastly.picsum.photos/id/996/200/300.jpg?hmac=vjpTROwvLRamauR7RHTF21dxsN351pnM44SxoByue5ccabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://fastly.picsum.photos/id/32/200/300.jpg?hmac=rNLw7Y7-RK2isGxXfSq90mzxSpKSXsRuOkvkGdEGK9ccabbage.exe, 00000000.00000002.3763970731.000001D418391000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://fastly.picsum.photos/id/546/200/300.jpg?hmac=WRVm_tMObPuM2HqJCr5D6N59Mboh73aqEno4MCuu5AEcabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      https://picsum.photoscabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B7B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4189F1000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A85000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://fastly.picsum.photos/id/570/200/300.jpg?hmac=fMlqjNmBSgN75P_tCU-PVSGzRYQxU23Xqd593HxZSZQcabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4182EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://fastly.picsum.photos/id/191/200/300.jpg?hmac=CHbfFOcICYpJ4GXstpLztK5ds_l5NYOdgHORuCEIY_gcabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4184D9000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B55000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://fastly.picsum.photos/id/591/200/300.jpg?hmac=GBnqheK8f8NgGoZ-JQIGl0uYMejcmT4gvw4PsBmUWPYcabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://fastly.picsum.photos/id/272/200/300.jpg?hmac=QjLWH4UZZJnyhE7WasPSxZtf4bnA8f4bsbtK2R4m3Wscabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://picsum.photos/200/300?random=69(8cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://picsum.photos/200/300?random=122cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://fastly.picsum.photos/id/905/200/300.jpg?hmac=uLUlIwyKcu9AtTY3uOL04O0gbesMVu-yNVRvCsF1xD8cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://fastly.picsum.photos/id/315/200/300.jpg?hmac=C67WPcnxkaV_SPowHi-8nl3yoODZSBZqnoOdBObP5Yscabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://picsum.photos/200/300?random=116Xcabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://fastly.picsum.photoscabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418C11000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418BBD000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418E6A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418B55000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4182EB000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418CC2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418D5F000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://fastly.picsum.photos/id/402/200/300.jpg?hmac=JmZsqnQgJgxs4tbKwb8Tdu3r-B0tEGN7nrKEb1jBB0Ycabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              https://fastly.picsum.photos/id/165/200/300.jpg?hmac=4P65Mkd3rtbFIw6TRq5Wc_c9_bOP2SClOjjOFZgbEPgcabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namecabbage.exe, 00000000.00000002.3763970731.000001D4181BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                		unknown
                                                                                                                                                https://fastly.picsum.photos/id/543/200/300.jpg?hmac=JHbKAeHI7u3kPoNG9pE9vFnF8ozQabbnwrDwHxdcqv4cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://fastly.picsum.photos/id/171/200/300.jpg?hmac=NHia9vzbBwrKnBFwp7cDZPSxFcVF_VGbnFO5LAjWnuEcabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    https://fastly.picsum.photos/id/4/200/300.jpg?hmac=y6_DgDO4ccUuOHUJcEWirdjxlpPwMcEZo7fz1MpuaWgcabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      https://fastly.picsum.photos/id/988/200/300.jpg?hmac=t-oW7bwXaruDMMMz6vIk1GO5lfOolflGxHfJfheVvc8cabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        https://picsum.photos/200/300?random=113Xcabbage.exe, 00000000.00000002.3763970731.000001D418B0F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          https://fastly.picsum.photos/id/409/200/300.jpg?hmac=DMEn4qNc0DsvxlQ4NSDPOesRyq8VhhGEi6IXy2DblLkcabbage.exe, 00000000.00000002.3763970731.000001D4183AF000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            https://fastly.picsum.photos/id/780/200/300.jpg?hmac=Zmxf0t2fpCbfZrR5NAXA_IKAP_8P6fYe9P440jUTWagcabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4183C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              https://fastly.picsum.photos/id/880/200/300.jpg?hmac=dShSJOHRB--zjrqofJOm33xe4Cylybn00N77ewnaS2gcabbage.exe, 00000000.00000002.3763970731.000001D418521000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                		unknown
                                                                                                                                                                https://fastly.picsum.photos/id/83/200/300.jpg?hmac=avqtE9ZSAkPbFtYCXzxg4TeAA-fMWqX6jUQeWI_HjLccabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418379000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://fastly.picsum.photos/id/343/200/300.jpg?hmac=_7ttvLezG-XONDvp0ILwQCv50ivQa_oewm7m6xV2uZAcabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://fastly.picsum.photos/id/810/200/300.jpg?hmac=HgwlXd-OaLOAqhGyCiZDUb_75EgUI4u0GtS7nfgxd8sxcabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://www.ecosia.org/newtab/RegAsm.exe, 00000005.00000002.3775935509.000000000ABB1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://fastly.picsum.photos/id/857/200/300.jpg?hmac=kFf6koUaHH4bIVWuoXIIsmZJQM_9Ew5l4AOeLL2UoG8cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        https://fastly.picsum.photos/id/136/200/300.jpg?hmac=vOFG2QkF3OUbTp5DRbf7w58YCDVrvf_g5aPFxxTucpUcabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://fastly.picsum.photos/id/152/200/300.jpg?hmac=eCdUqkEQWPiigXtrPPzcwO9QeKYgOrV_YWW0LoFkuykcabbage.exe, 00000000.00000002.3763970731.000001D4184D5000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418A5C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418945000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://fastly.picsum.photos/id/698/200/300.jpg?hmac=2Z_fr-yUH1ByQu36MAR319aTCndT4FjG1VBksAKGVKUcabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              https://picsum.photos/200/300?random=114Xcabbage.exe, 00000000.00000002.3763970731.000001D418B7B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://fastly.picsum.photos/id/834/200/300.jpg?hmac=9hu4aro5r8PEFwzVlhizygx4urxyeGGjgyMRXUgKOsEcabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://fastly.picsum.photos/id/465/200/300.jpg?hmac=GloUvp2VmlLW7pBsz3VDy5QNZizjay1SWjEmqisahZscabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://fastly.picsum.photos/id/306/200/300.jpg?hmac=T-FQeWIc7YbLbcYdpyDGypNif0btJ8n5P4ozBJx8WgEcabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://fastly.picsum.photos/id/480/200/300.jpg?hmac=-NCJbhpqFCFd17uR0DXt17Ccp5H073pZLLaStM6erZgcabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41870F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        https://fastly.picsum.photos/id/180/200/300.jpg?hmac=EC8Kweq0GgryGedfHPQFsFTXsZ8NgHaYU5ZnhoGkPLAcabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418506000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          https://fastly.picsum.photos/id/906/200/300.jpg?hmac=7sarKOMVDlgOBTc6eUDUf0M4S-M-4jF0X0uix_sMALUcabbage.exe, 00000000.00000002.3763970731.000001D418E6A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41893C000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4184C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            https://picsum.photos/200/300?random=111Xcabbage.exe, 00000000.00000002.3763970731.000001D418AA3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              https://picsum.photos/200/300?random=123Xcabbage.exe, 00000000.00000002.3763970731.000001D418DA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                https://fastly.picsum.photos/id/815/200/300.jpg?hmac=Vd0SL31jtPA-FMvY___e5hp84IGLTUjtVJY4qUL6hOscabbage.exe, 00000000.00000002.3763970731.000001D41871A000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D4184E2000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  https://fastly.picsum.photos/id/404/200/300.jpg?hmac=1i6ra6DJN9kJ9AQVfSf3VD1w08FkegBgXuz9lNDk1OMcabbage.exe, 00000000.00000002.3763970731.000001D418523000.00000004.00000800.00020000.00000000.sdmp, cabbage.exe, 00000000.00000002.3763970731.000001D418561000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    https://fastly.picsum.photos/id/31/200/300.jpg?hmac=zQA1_1D1pCB2sbB4Hx3gK8ih9-IPgNID_e_8pK0QsiAcabbage.exe, 00000000.00000002.3763970731.000001D41873B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      https://fastly.picsum.photos/id/130/200/300.jpg?hmac=ax-dkx2e5CJww9f5IfH-mUHr_9eNBKUNGHcA46-0oB0cabbage.exe, 00000000.00000002.3763970731.000001D41896C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		unknown

                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                                        Public IPs

                                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                        104.26.5.30
                                                                                                                                                                                                        		picsum.photosUnited States
                                                                                                                                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                        185.234.216.181
                                                                                                                                                                                                        		unknownPoland
                                                                                                                                                                                                        		197226SPRINT-SDCPLtrue
                                                                                                                                                                                                        104.26.4.30
                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                        		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                                        General Information

                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                        Analysis ID:1542261
                                                                                                                                                                                                        Start date and time:2024-10-25 18:05:10 +02:00
                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                        Overall analysis duration:0h 9m 15s
                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                        Number of analysed new started processes analysed:12
                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                        Sample name:cabbage.exe
                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@4/1@7/3
                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                        • Successful, ratio: 50%
                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                        • Successful, ratio: 57%
                                                                                                                                                                                                        • Number of executed functions: 78
                                                                                                                                                                                                        • Number of non-executed functions: 97
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 151.101.1.91, 151.101.65.91, 151.101.129.91, 151.101.193.91
                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, dualstack.n.sni.global.fastly.net, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                        • Execution Graph export aborted for target cabbage.exe, PID 7644 because it is empty
                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                        • VT rate limit hit for: cabbage.exe

                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                        12:06:11API Interceptor15477693x Sleep call for process: cabbage.exe modified

                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                        IPs

                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                        104.26.5.30https://4293857.debournigerialtd.com/#YWxleGFuZGVyLmhhZ2VuQG1hbi1lcy5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          https://xhdtsb3f.proventtus.com/#eWF2dXouemFtYW5AZGlnaXR1cmsuY29tLnRyGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            http://r.email.rdv360.com/tr/cl/tl7Wu25UHrnjkn5sfc0vx0u4dtyo0w00PXMuL2iagRDUR4r6sEL0l9C97pb-2sRztT-v8bXx-XwXmfdSPRXPxbz7LHu0VNziyeYAzkCiIjcvnS7WBSJwBh3b5lynhLuGZ-icKIPKLG1_Nge8zb9RKR3x8-eqdE9Z6NZ1eNGz7xHfVQji-8Y3Ly2KhJRTjnC_XVffoO3v2wTAX7vCTKg95DV-fGkRhyk0Etop2L_GVfVQwjhA4X5PZ4rHEGj4_1HhHvnPUbiBjyJo5lqUbQIGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                              http://khelowars.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                https://794609.documents.savethenote2.com/healthesystems/viewAgreement?tsid=ZGFyeWxAaGVhbHRoZXN5c3RlbXMuY29t#%25EMAILXGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  EFT-Payment1220_ fdp.HTmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                    _#U266c_Play Mp3MSG(#U00f0#U0178#U201c#U017e)242 ___3pm .htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      VoiceMail536536536 ___mp3 .HtmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        _#U266c_Play Mp3MSG(#U00f0#U0178#U201c#U017e)899 ___3pm .htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                          VN#738.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            104.26.4.30https://aimsitconsulting.com/mtGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              https://www.super.kg/bannerRedirect/67?url=http://lfhosclr.transacar.com.co/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                https://tp.mmtrkr.com/clicks?email=27e247b6-55a9-5982-b092-866de51ff3f8&userId=6a7010d8-c322-4f69-9cc9-89e553b6a90d&emailId=p.mahadevan@adventz.com&sig=nocache&campaignId=16ae3c6c-c871-4b1d-8018-4ca0da5fe7a3&creationType=undefined&type=html&info=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2YTcwMTBkOC1jMzIyLTRmNjktOWNjOS04OWU1NTNiNmE5MGQiLCJjYW1wYWlnbklkIjoiMTZhZTNjNmMtYzg3MS00YjFkLTgwMTgtNGNhMGRhNWZlN2EzIiwiaWF0IjoxNjc1MjM2ODMwfQ.Wnjzc-K4olKSG785NKA_rqAVgUNHzZ3W6jR4xaIKk1E&redirect=31bb84f8-32ed-59d7-831b-18f8e0a8b678&redirectURL=http:///gqvhnh.rexfleet.fr/?&qrc=pdcpinfo@cdfa.ca.govGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  phillip.park@agshealth.com-Payroll fdp.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    https://4293857.debournigerialtd.com/#YWxleGFuZGVyLmhhZ2VuQG1hbi1lcy5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      https://xhdtsb3f.proventtus.com/#eWF2dXouemFtYW5AZGlnaXR1cmsuY29tLnRyGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        https://adclick.g.doubleclick.net/pcs/click?adurl=https://550418.secure.micomya.com/./outlook.office.com/mail/inbox/id/thall/op-f/77468616c6c406f702d662e6f7267#dGhhbGxAb3AtZi5vcmcGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          INVSeminolecountyfl7761QH8-VSTJ6Z-CDF520585008.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                            https://www.codeply.com:443/v/Cx18i7z38M/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                              https://login.maebf.org/KVXVbSMIGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                                                Domains

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                picsum.photoshttps://4293857.debournigerialtd.com/#YWxleGFuZGVyLmhhZ2VuQG1hbi1lcy5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.26.5.30

                                                                                                                                                                                                                                                ASNs

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                CLOUDFLARENETUShttps://8i.eryonficket.com/g60ff/#aGVzc2dyb3VwaW52QGhlc3MuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.18.1.150
                                                                                                                                                                                                                                                https://8i.eryonficket.com/g60ff/#aGVzc2dyb3VwaW52QGhlc3MuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.17.25.14
                                                                                                                                                                                                                                                https://caraccidentdefencelawyer.com/LBKQgs7C#3l3f816z5y810bbd3w5muypm6py7liz04w39Get hashmaliciousGRQ ScamBrowse
                                                                                                                                                                                                                                                • 172.67.12.83
                                                                                                                                                                                                                                                https://forlongreasoncomingbad.top/comcast/bdon/?911comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                • 104.21.12.201
                                                                                                                                                                                                                                                https://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NngTeRowYVzfBggLgr0jnYTDMmRw1imFIm2ET99YaDpZTcYzDf4_j-5YFTogaUxno5U6mNO7vBpPu8_Qjtn233vjPaHL2UbGDlhZQdGA3D25CwqECHxQCRtUKDBEqYowFBHIAzLTnKpBZet0FyIbh36NsUUZbSRWq6o0ZyOmIf1hCVhGuO6UGV5eawzRsIwkKvzidjgnmqdlkZtGukb6XGa_iBxPDbSv-k30p9lo3wdD1QatTUJJEohlFBchxhBckADPJi-N1FZ3iloNeeN8qyMNfc5Ys1judUQjU1gwK5EC2qllcEVWuSrLoChCMIK0bJx3mPJ19_Q6xTN6_Zu96Pc7y6XXfCBdt0HNrv0PBZaGs3DaTjQy2mYbupspnNefrFYvM3J35vc35X37_6zGK5f_2fVvaX7a1xVnPf0z2a5XZydZJdxPiwTRro9fX4wlOTmAb-lz_0effAv103-GQAA__9hXKLJGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.18.86.42
                                                                                                                                                                                                                                                [EXT] [ #ENCRYPT ] WSRB 401k, Trustee to Trustee Transfer form.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 1.1.1.1
                                                                                                                                                                                                                                                https://coinbase-team.net-s07.live/Zendesk/invite/ca2fd752-4355?rid=Ztd9NzCGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.114.96.3
                                                                                                                                                                                                                                                https://atpscan.global.hornetsecurity.com/?d=NnVkJrcOtS6jUcSOl6gFYT9DOTvhRx9_0n2vBuK3wGL4RfM1M4gwz-cei5V3Dmlh&f=VRGvOaKnOixCQPnN5E8Zd55sAVwpSzujOffY4RbLuwaxI18GkkIlhnlDIOqXjYsl&i=&k=IMq7&m=Eg31PQDiRU2Qx94y2dnGUum54tAMBzZzPaQN8QexaGJVzCG-OVPo4Om5V2lRlns7wwMWrL4CnmlsokgWfWk2TbD2kmpRAVDDTYG9PjUhZhfW-BwkapmD9W6_zQVWXFVN&n=KNtSaiODbNsJQEbSEZDwh34xn1itEQQfP1UznpoGI5WaWwC1dWtBevnqXGm5H-f7&r=2Ow9cKZ98a-5wptqW8Y-zAwN-MJuNt25fcQbqzqwDypDZl3_sT7dioYpzt-h-3hX&s=1f78a40d69089fa0743a8630bc133d18afc652a160161afdf52202844b072b54&u=https%3A%2F%2Ft.ly%2Fe_R6vGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 104.20.7.133
                                                                                                                                                                                                                                                19387759999PO-RFQ-INVOICE-doc.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                • 188.114.96.3
                                                                                                                                                                                                                                                Bank transfer receipt 241015.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                • 188.114.97.3
                                                                                                                                                                                                                                                SPRINT-SDCPLhttps://email.email.pandadoc.net/c/eJxUkMtu2zoQhp9G3NngTeRowYVzfBggLgr0jnYTDMmRw1imFIm2ET99YaDpZTcYzDf4_j-5YFTogaUxno5U6mNO7vBpPu8_Qjtn233vjPaHL2UbGDlhZQdGA3D25CwqECHxQCRtUKDBEqYowFBHIAzLTnKpBZet0FyIbh36NsUUZbSRWq6o0ZyOmIf1hCVhGuO6UGV5eawzRsIwkKvzidjgnmqdlkZtGukb6XGa_iBxPDbSv-k30p9lo3wdD1QatTUJJEohlFBchxhBckADPJi-N1FZ3iloNeeN8qyMNfc5Ys1judUQjU1gwK5EC2qllcEVWuSrLoChCMIK0bJx3mPJ19_Q6xTN6_Zu96Pc7y6XXfCBdt0HNrv0PBZaGs3DaTjQy2mYbupspnNefrFYvM3J35vc35X37_6zGK5f_2fVvaX7a1xVnPf0z2a5XZydZJdxPiwTRro9fX4wlOTmAb-lz_0effAv103-GQAA__9hXKLJGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://app.pandadoc.com/document/v2?token=a0bcffa175414e2b8694792c4d9ae865b20836dd?Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://app.pandadoc.com/document/v2?token=a0bcffa175414e2b8694792c4d9ae865b20836dd?Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://email.email.pandadoc.net/c/eJxUkMtu2zAQRb9G3Dmghg-RCy2cxExQp4WLNCiQTTAihxH9EFWJVtN-fWGg6WM3GMwZnHtD22nRRcNC9ucTDeUlhfbb-GOyDzvX3zxunx_Pw_6jK58co7ZuwDZcW21Y3yqswRIJL41WFmVAHclyVKA8l1ax1AIHWXMQteEWmqsIBmMUmmQTa1K6kpxOmI5XIw4BQ_ZXAxWW5pcyoSfsjtSW6Uzs2PaljHMl1hW4ChyO41_E51MF7l2_ArdAJVzJBxoqcYu88zFi3ShZS4LOaCsbC14Gi2S06oAboUOohGNDLikmjyXl4VIDcBmtFbRSgdNKNkQrNBBX2EkjgUOwXLI8veKQfv6BnrTBz9fXfXgzUjz0_UbfbO4km9olDWnusZL8MGQ64UWcTbSk-TepNvutfcrWPzdvX7ttcDuJqWGlfc_2z7gqOL3Sf5v5crG0wL7n6TCP6OnydL9f1l8m-tCtd026v9X3-U6R-xUAAP__azuhWAGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://app.pandadoc.com/document/v2?token=69b8ae0059c2551a9a27ed1b65653c1a0b5ee1ffGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://app.pandadoc.com/document/v2?token=69b8ae0059c2551a9a27ed1b65653c1a0b5ee1ffGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180
                                                                                                                                                                                                                                                https://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                • 188.68.242.180

                                                                                                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                54328bd36c14bd82ddaa0c04b25ed9adBank transfer receipt 241015.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                Certificado FNMT-RCM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                Justificante.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                n#U00ba 7064-2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                Factura 1-014685.pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                SOLICITUD URGENTE RFQ-05567.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                PILNE ZAPYTANIE RFQ-05567-2024.10.25.vbsGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                Factura n#U00baB-2542.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                QUOTATION_OCTQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30
                                                                                                                                                                                                                                                Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                • 104.26.5.30
                                                                                                                                                                                                                                                • 104.26.4.30

                                                                                                                                                                                                                                                Dropped Files

                                                                                                                                                                                                                                                No context

                                                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                                                \Device\ConDrv

                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14
                                                                                                                                                                                                                                                Entropy (8bit):1.863120568566631
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:3moq:3mL
                                                                                                                                                                                                                                                MD5:0E121575F5696D42D5C1119FA9FB66A9
                                                                                                                                                                                                                                                SHA1:4D48B29D5819C8590BF09DE7095B468D75DF6EE8
                                                                                                                                                                                                                                                SHA-256:FF66A7980ED913DA4E3E36D59647ED3766673C421E4427ABE87470398BCADF02
                                                                                                                                                                                                                                                SHA-512:03CFC683F3E533B465F76E8BBCD83F0AE39A11CB6FE6174536931662093A9D013EADBDEC961FE1587EE4057609C7C87D47CD58E24452597CFE2AAB9BFA0AE706
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:tetete..tete..

                                                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                File type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):7.909072186970578
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win64 Executable Console Net Framework (206006/5) 48.35%
                                                                                                                                                                                                                                                • Win64 Executable Console (202006/5) 47.41%
                                                                                                                                                                                                                                                • Win64 Executable (generic) (12005/4) 2.82%
                                                                                                                                                                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.49%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.47%
                                                                                                                                                                                                                                                File name:cabbage.exe
                                                                                                                                                                                                                                                File size:15'276'544 bytes
                                                                                                                                                                                                                                                MD5:81e184c5842808438d0c3ac633885c1b
                                                                                                                                                                                                                                                SHA1:9a10cb3b660c5b6b464ccf41c023e80a56f7cf79
                                                                                                                                                                                                                                                SHA256:31b233d5cdd809be59e838bb2c27c29d8a914daa08a2490e03b5e5f8ed35e312
                                                                                                                                                                                                                                                SHA512:d3b85d802f7024215320bed3f7ee36d218aaa9e33aa569c5117db766242f7e4d0881712dfc1d3a2a9767504f92b5422a520067a64b98f87c4ff115379c8a8223
                                                                                                                                                                                                                                                SSDEEP:393216:R7CC07BfWm8SH/hnvN4TKndLLscYxxlFYAOlJ1:AVBL8e/hvN4ogcY9mn
                                                                                                                                                                                                                                                TLSH:BFF6F12608AE5D12DE9B47732A1305F016F1E0766241EBFDED9EBAF7EA0D7C4580A017
                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...JA............"...0...n.............. .....@..... ....................................`...@......@............... .....

                                                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                                                Icon Hash:00928e8e8686b000

                                                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Entrypoint:0x140000000
                                                                                                                                                                                                                                                Entrypoint Section:
                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                Imagebase:0x140000000
                                                                                                                                                                                                                                                Subsystem:windows cui
                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                Time Stamp:0x89D0414A [Wed Apr 8 17:26:34 2043 UTC]
                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                CLR (.Net) Version:v4.0.30319
                                                                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                Import Hash:

                                                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                dec ebp
                                                                                                                                                                                                                                                pop edx
                                                                                                                                                                                                                                                nop
                                                                                                                                                                                                                                                add byte ptr [ebx], al
                                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                                add byte ptr [eax+eax], al
                                                                                                                                                                                                                                                add byte ptr [eax], al

                                                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xe960000x5d0.rsrc
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0xe5faf00x48.7&|
                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                .text0x20000x6eb9300x6eba000f26854f060d77eb3055936ee678ce4dunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                .D]70x6ee0000x55ea4b0x55ec002a2e0b879c17997bfb3d8069c5ad68f3unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                .7&|0xc4e0000x2469700x246a00cc0b4761637706cc7c74f37f29220ba9unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                .rsrc0xe960000x5d00x600593de306046117e4ed8f3e235bdab47eFalse0.447265625data4.185132413610137IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                RT_VERSION0xe960900x33edata0.45903614457831327
                                                                                                                                                                                                                                                RT_MANIFEST0xe963e00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                2024-10-25T18:06:16.143707+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749704104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:18.238322+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749707104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:20.262032+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749715104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:22.239274+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749723104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:24.698076+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749738104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:26.798811+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749748104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:29.326409+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749762104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:30.990548+02002856351ETPRO MALWARE Win32/FakeJami Stealer Geo Info Inbound1185.234.216.1816666192.168.2.749779TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:31.368028+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749780104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:32.039384+02002855894ETPRO MALWARE Win32/FakeJami Stealer Host Details Exfil1192.168.2.749786185.234.216.1816655TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:33.451173+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749793104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:35.345981+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749805104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:38.472527+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749821104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:40.415462+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749834104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:42.423505+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749846104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:44.540722+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749858104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:46.996932+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749870104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:48.988670+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749886104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:51.269370+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749899104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:53.241082+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749914104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:55.744157+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749926104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:06:57.739741+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749941104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:00.096544+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749954104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:02.214801+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749966104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:04.240350+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749983104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:06.163919+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.749995104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:08.115563+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750008104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:10.537130+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750020104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:12.666840+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750030104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:15.646142+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750032104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:17.362945+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750034104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:19.415167+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750036104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:21.368113+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750038104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:23.378168+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750040104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:25.337532+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750042104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:27.289605+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750044104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:30.387913+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750046104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:32.300317+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750048104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:34.308016+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750050104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:36.073939+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750052104.26.5.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:38.046449+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750054104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:40.112882+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750056104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:42.033984+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750058104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:43.990890+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750060104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:45.934642+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750062104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:47.695644+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750064104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:48.949197+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750066104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:50.936104+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750068104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:52.938534+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750070104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:55.053094+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750072104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:07:57.902115+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750074104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:00.028108+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750076104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:01.993043+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750078104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:04.127595+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750080104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:06.193783+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750082104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:08.152144+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750084104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:10.080043+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750086104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:11.757579+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750088104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:13.738669+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750090104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:16.194496+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750092104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:18.160431+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750094104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:19.631592+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750096104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:21.632392+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750098104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:23.572908+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750100104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:25.742428+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750102104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:27.717296+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750104104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:29.570881+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750106104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:33.735235+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750108104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:35.280681+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750110104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:37.207628+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750112104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:39.153554+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750114104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:41.217867+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750116104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:43.172832+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750118104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:44.873070+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750120104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:46.954397+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750122104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:48.959725+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750124104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:50.895561+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750126104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:52.813417+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750128104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:54.809727+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750130104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:56.775813+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750132104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:08:58.861481+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750134104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:00.963032+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750136104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:02.956083+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750138104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:04.901813+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750140104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:07.009617+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750143104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:09.536638+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750145104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:11.467475+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750147104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:13.192478+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750149104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:14.580109+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750150104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:16.564972+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750152104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:17.951541+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750154104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:20.131508+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750156104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:22.143448+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750158104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:24.192439+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750161104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:25.393437+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750162104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:26.655903+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750164104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:28.752170+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750166104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:31.661687+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750169104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:33.673749+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750171104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:35.379775+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750173104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:37.418985+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750175104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:39.380473+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750177104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:41.036322+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750179104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:43.081739+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750181104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:45.151411+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750183104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:47.128053+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750185104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:48.696454+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750187104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:50.643904+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750189104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:52.651491+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750191104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:54.629888+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750193104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:56.599380+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750195104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:09:58.916841+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750198104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:10:00.997251+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750200104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:10:02.926289+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750202104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:10:04.651554+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750204104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:10:06.673396+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750206104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:10:09.459745+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750208104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:10:14.078251+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750211104.26.4.30443TCP
                                                                                                                                                                                                                                                2024-10-25T18:10:22.908434+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.750213104.26.4.30443TCP

                                                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.301438093 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.301472902 CEST44349699104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.301551104 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.324584007 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.324601889 CEST44349699104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.949958086 CEST44349699104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.950030088 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.960776091 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.960793972 CEST44349699104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.961117029 CEST44349699104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.000567913 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.029494047 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.075351954 CEST44349699104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.810117006 CEST44349699104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.810179949 CEST44349699104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.810275078 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.819545984 CEST49699443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:14.942851067 CEST49704443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:14.942919016 CEST44349704104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:14.942997932 CEST49704443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:14.943270922 CEST49704443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:14.943305016 CEST44349704104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:15.588037014 CEST44349704104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:15.590516090 CEST49704443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:15.590595961 CEST44349704104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.143786907 CEST44349704104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.143923998 CEST44349704104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.144005060 CEST49704443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.144334078 CEST49704443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.908777952 CEST49707443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.908828020 CEST44349707104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.908893108 CEST49707443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.909151077 CEST49707443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:16.909168959 CEST44349707104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:17.553070068 CEST44349707104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:17.595665932 CEST49707443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:17.595702887 CEST44349707104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:18.238415003 CEST44349707104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:18.238571882 CEST44349707104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:18.238635063 CEST49707443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:18.238976955 CEST49707443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:19.045703888 CEST49715443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:19.045744896 CEST44349715104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:19.045969009 CEST49715443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:19.046302080 CEST49715443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:19.046335936 CEST44349715104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:19.661251068 CEST44349715104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:19.662710905 CEST49715443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:19.662761927 CEST44349715104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:20.262052059 CEST44349715104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:20.262135983 CEST44349715104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:20.262455940 CEST49715443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:20.262806892 CEST49715443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:21.039727926 CEST49723443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:21.039773941 CEST44349723104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:21.039990902 CEST49723443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:21.040224075 CEST49723443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:21.040241957 CEST44349723104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:21.667884111 CEST44349723104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:21.673096895 CEST49723443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:21.673152924 CEST44349723104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.239327908 CEST44349723104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.239397049 CEST44349723104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.239474058 CEST49723443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.239932060 CEST49723443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.986577988 CEST49738443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.986593962 CEST44349738104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.986690998 CEST49738443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.986875057 CEST49738443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:22.986886978 CEST44349738104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:24.022022009 CEST44349738104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:24.023830891 CEST49738443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:24.023844957 CEST44349738104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:24.698086023 CEST44349738104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:24.698148012 CEST44349738104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:24.698493004 CEST49738443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:24.724318027 CEST49738443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:25.536513090 CEST49748443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:25.536597013 CEST44349748104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:25.536806107 CEST49748443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:25.537040949 CEST49748443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:25.537072897 CEST44349748104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:26.226108074 CEST44349748104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:26.228075981 CEST49748443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:26.228099108 CEST44349748104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:26.798844099 CEST44349748104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:26.798922062 CEST44349748104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:26.799006939 CEST49748443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:26.799673080 CEST49748443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:27.773714066 CEST49762443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:27.773756027 CEST44349762104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:27.773838043 CEST49762443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:27.780201912 CEST49762443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:27.780220985 CEST44349762104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:28.392134905 CEST44349762104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:28.394015074 CEST49762443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:28.394038916 CEST44349762104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:29.326437950 CEST44349762104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:29.326531887 CEST44349762104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:29.326680899 CEST49762443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:29.327096939 CEST49762443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.150049925 CEST497796666192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.155483961 CEST666649779185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.155559063 CEST497796666192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.159116983 CEST49780443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.159173965 CEST44349780104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.159245968 CEST49780443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.159656048 CEST49780443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.159677029 CEST44349780104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.764904976 CEST44349780104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.765990973 CEST49780443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.766021013 CEST44349780104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.990547895 CEST666649779185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.991740942 CEST497796666192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.997553110 CEST666649779185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:30.997737885 CEST497796666192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.121206045 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.126699924 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.126876116 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.127116919 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132531881 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132545948 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132560015 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132616997 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132621050 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132635117 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132636070 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132651091 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132667065 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132685900 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132699966 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132721901 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132723093 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132749081 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.132778883 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.133112907 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.133169889 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138036013 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138087034 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138107061 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138144016 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138148069 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138181925 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138212919 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138223886 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138231993 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138242960 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.138294935 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.181087017 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.181334019 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.229039907 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.229166985 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.277045012 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.277297974 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.329004049 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.329086065 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.368053913 CEST44349780104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.368123055 CEST44349780104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.368226051 CEST49780443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.368825912 CEST49780443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.376943111 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.377152920 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.424942017 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.425005913 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.478102922 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.478189945 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.524928093 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.524996042 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.778531075 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.778624058 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.779491901 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.779691935 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.785353899 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.785443068 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786251068 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786319017 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786396980 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786410093 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786421061 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786433935 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786446095 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786475897 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786545992 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786556005 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786557913 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786570072 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786606073 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786621094 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786874056 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786886930 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.786956072 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.787010908 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.787024021 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.787065029 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.787091970 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790429115 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790441990 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790498018 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790596962 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790667057 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790855885 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790903091 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790918112 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790924072 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790954113 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790955067 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.790977001 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791002989 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791012049 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791017056 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791029930 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791044950 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791057110 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791074991 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791080952 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791096926 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791098118 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791134119 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791172981 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791189909 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791249990 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791347027 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791361094 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791373014 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791384935 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791400909 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791409016 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791423082 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791429996 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791434050 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791460037 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791498899 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791551113 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791563988 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791604042 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791618109 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.791661024 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.793010950 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.793118000 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.793348074 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.793407917 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.793621063 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.793678999 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796730995 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796796083 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796816111 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796830893 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796843052 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796864986 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796875954 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796899080 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796909094 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796915054 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.796976089 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797125101 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797188997 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797197104 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797210932 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797224045 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797244072 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797256947 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797264099 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797282934 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797327042 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797386885 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797400951 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797413111 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797425032 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797435999 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797450066 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797451019 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797462940 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797482014 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797497034 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797522068 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797534943 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797547102 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797554970 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797560930 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797574997 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797588110 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797593117 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797610998 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797621965 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797626019 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797655106 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797666073 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797678947 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797693014 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797696114 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797733068 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797760963 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797761917 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797775030 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797787905 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797800064 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797811985 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797825098 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797844887 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797888041 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797889948 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797902107 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797914982 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797928095 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797936916 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797940016 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797954082 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797964096 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797966003 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797979116 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.797992945 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798001051 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798015118 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798026085 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798039913 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798039913 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798052073 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798064947 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798078060 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798080921 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798089981 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798108101 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798113108 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798127890 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798150063 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798188925 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798541069 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798554897 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798577070 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798589945 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798605919 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798619986 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798623085 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798657894 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798675060 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798677921 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798688889 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798712015 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798724890 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798736095 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798737049 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798752069 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798825026 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798837900 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798849106 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798880100 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798892975 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.798917055 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799005985 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799017906 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799030066 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799041986 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799052954 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799074888 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799089909 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799102068 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799226046 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.799240112 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802498102 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802592993 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802606106 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802617073 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802733898 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802747011 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802758932 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802788973 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802802086 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802807093 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802880049 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.802946091 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803004980 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803122044 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803134918 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803179979 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803193092 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803232908 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803246021 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803380013 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803428888 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803495884 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803508997 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803575993 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803699017 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803713083 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803801060 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803889036 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803900957 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803942919 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803956032 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803967953 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803982019 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.803993940 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804054022 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804066896 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804095984 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804250956 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804264069 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804281950 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804331064 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804342985 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804406881 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804428101 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804641962 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804723024 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804735899 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804749012 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804804087 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804882050 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804894924 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804933071 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.804976940 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805072069 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805084944 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805097103 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805111885 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805207014 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805219889 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805233955 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805407047 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805419922 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805430889 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805483103 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805495024 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805516958 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805530071 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805551052 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805562973 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805573940 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805586100 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805597067 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805660009 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805730104 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805747986 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805762053 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805809975 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805821896 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805835009 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805850029 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805861950 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805883884 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805934906 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805948019 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805959940 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.805984020 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806180000 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806193113 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806204081 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806219101 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806231022 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806291103 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806368113 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806380033 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806391954 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806495905 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806509018 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806659937 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806673050 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806685925 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806756020 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806768894 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806780100 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806792974 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806885004 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806902885 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806912899 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806926012 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806986094 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.806998014 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807034969 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807048082 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807059050 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807112932 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807126045 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807137966 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807831049 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807842970 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.807853937 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:31.852957010 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.039262056 CEST665549786185.234.216.181192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.039383888 CEST497866655192.168.2.7185.234.216.181
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.126944065 CEST49793443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.126980066 CEST44349793104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.127223015 CEST49793443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.127389908 CEST49793443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.127398968 CEST44349793104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.735889912 CEST44349793104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.737452030 CEST49793443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:32.737472057 CEST44349793104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:33.451200008 CEST44349793104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:33.451255083 CEST44349793104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:33.451409101 CEST49793443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:33.452049017 CEST49793443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:34.189208984 CEST49805443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:34.189244032 CEST44349805104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:34.189337015 CEST49805443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:34.189680099 CEST49805443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:34.189694881 CEST44349805104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:34.791304111 CEST44349805104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:34.792808056 CEST49805443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:34.792823076 CEST44349805104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:35.345999002 CEST44349805104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:35.346050024 CEST44349805104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:35.346173048 CEST49805443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:35.346653938 CEST49805443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:36.208290100 CEST49821443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:36.208304882 CEST44349821104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:36.208369017 CEST49821443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:36.208647013 CEST49821443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:36.208656073 CEST44349821104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:37.871263981 CEST44349821104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:37.873949051 CEST49821443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:37.873966932 CEST44349821104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:38.472562075 CEST44349821104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:38.472654104 CEST44349821104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:38.472712994 CEST49821443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:38.473145008 CEST49821443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:39.226277113 CEST49834443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:39.226316929 CEST44349834104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:39.226392031 CEST49834443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:39.226829052 CEST49834443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:39.226839066 CEST44349834104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:39.835995913 CEST44349834104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:39.837703943 CEST49834443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:39.837721109 CEST44349834104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:40.415488005 CEST44349834104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:40.415561914 CEST44349834104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:40.415664911 CEST49834443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:40.416165113 CEST49834443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:41.174920082 CEST49846443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:41.174948931 CEST44349846104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:41.175019026 CEST49846443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:41.175287008 CEST49846443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:41.175297022 CEST44349846104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:41.792515993 CEST44349846104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:41.793904066 CEST49846443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:41.793915033 CEST44349846104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:42.423593998 CEST44349846104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:42.423768044 CEST44349846104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:42.423861980 CEST49846443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:42.432523966 CEST49846443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:43.309163094 CEST49858443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:43.309195042 CEST44349858104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:43.309251070 CEST49858443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:43.309484005 CEST49858443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:43.309497118 CEST44349858104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:43.990777969 CEST44349858104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:43.992208958 CEST49858443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:43.992238045 CEST44349858104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:44.540716887 CEST44349858104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:44.540798903 CEST44349858104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:44.540894985 CEST49858443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:44.541455984 CEST49858443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:45.421035051 CEST49870443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:45.421072960 CEST44349870104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:45.421149969 CEST49870443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:45.421390057 CEST49870443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:45.421401978 CEST44349870104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:46.075527906 CEST44349870104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:46.077114105 CEST49870443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:46.077132940 CEST44349870104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:46.996864080 CEST44349870104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:46.997031927 CEST44349870104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:46.997136116 CEST49870443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:46.998994112 CEST49870443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:47.787154913 CEST49886443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:47.787201881 CEST44349886104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:47.787273884 CEST49886443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:47.787497997 CEST49886443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:47.787516117 CEST44349886104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:48.408540964 CEST44349886104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:48.413836956 CEST49886443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:48.413857937 CEST44349886104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:48.988763094 CEST44349886104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:48.988920927 CEST44349886104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:48.988991022 CEST49886443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:48.989289999 CEST49886443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:49.737552881 CEST49899443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:49.737590075 CEST44349899104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:49.737664938 CEST49899443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:49.737895012 CEST49899443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:49.737905025 CEST44349899104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:50.654799938 CEST44349899104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:50.657911062 CEST49899443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:50.657927990 CEST44349899104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:51.269376993 CEST44349899104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:51.269438028 CEST44349899104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:51.269570112 CEST49899443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:51.276599884 CEST49899443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:52.033785105 CEST49914443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:52.033827066 CEST44349914104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:52.033951044 CEST49914443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:52.034172058 CEST49914443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:52.034183025 CEST44349914104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:52.662070990 CEST44349914104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:52.663383007 CEST49914443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:52.663407087 CEST44349914104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:53.241046906 CEST44349914104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:53.241103888 CEST44349914104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:53.241159916 CEST49914443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:53.241552114 CEST49914443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:54.525576115 CEST49926443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:54.525674105 CEST44349926104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:54.525790930 CEST49926443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:54.526036024 CEST49926443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:54.526071072 CEST44349926104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:55.175115108 CEST44349926104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:55.176692009 CEST49926443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:55.176737070 CEST44349926104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:55.744169950 CEST44349926104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:55.744256020 CEST44349926104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:55.744317055 CEST49926443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:55.744744062 CEST49926443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:56.566926003 CEST49941443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:56.566953897 CEST44349941104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:56.567039013 CEST49941443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:56.567245960 CEST49941443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:56.567257881 CEST44349941104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:57.168868065 CEST44349941104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:57.170249939 CEST49941443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:57.170269012 CEST44349941104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:57.739713907 CEST44349941104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:57.739779949 CEST44349941104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:57.739948988 CEST49941443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:57.740364075 CEST49941443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:58.915482998 CEST49954443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:58.915528059 CEST44349954104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:58.915595055 CEST49954443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:58.915883064 CEST49954443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:58.915899992 CEST44349954104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:59.525324106 CEST44349954104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:59.526508093 CEST49954443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:59.526535988 CEST44349954104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:00.096553087 CEST44349954104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:00.096610069 CEST44349954104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:00.096659899 CEST49954443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:00.097095013 CEST49954443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:01.015363932 CEST49966443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:01.015398979 CEST44349966104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:01.015568018 CEST49966443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:01.015816927 CEST49966443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:01.015837908 CEST44349966104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:01.640847921 CEST44349966104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:01.642111063 CEST49966443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:01.642134905 CEST44349966104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:02.214823961 CEST44349966104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:02.214894056 CEST44349966104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:02.214935064 CEST49966443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:02.215265989 CEST49966443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:03.075598001 CEST49983443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:03.075613022 CEST44349983104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:03.075670958 CEST49983443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:03.075844049 CEST49983443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:03.075856924 CEST44349983104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:03.683995008 CEST44349983104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:03.685822010 CEST49983443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:03.685846090 CEST44349983104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.240415096 CEST44349983104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.240528107 CEST44349983104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.240586042 CEST49983443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.240797043 CEST49983443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.994590044 CEST49995443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.994625092 CEST44349995104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.994688988 CEST49995443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.994901896 CEST49995443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:04.994915962 CEST44349995104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:05.618628979 CEST44349995104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:05.619978905 CEST49995443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:05.620012999 CEST44349995104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.163990974 CEST44349995104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.164164066 CEST44349995104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.164277077 CEST49995443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.164479017 CEST49995443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.940238953 CEST50008443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.940274000 CEST44350008104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.940340996 CEST50008443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.942977905 CEST50008443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:06.943003893 CEST44350008104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:07.558825970 CEST44350008104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:07.560048103 CEST50008443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:07.560065031 CEST44350008104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:08.115607023 CEST44350008104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:08.115689993 CEST44350008104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:08.115771055 CEST50008443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:08.117463112 CEST50008443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:09.331682920 CEST50020443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:09.331711054 CEST44350020104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:09.331854105 CEST50020443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:09.332031965 CEST50020443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:09.332046032 CEST44350020104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:09.977931023 CEST44350020104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:09.979104996 CEST50020443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:09.979125977 CEST44350020104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:10.537230015 CEST44350020104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:10.537379026 CEST44350020104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:10.537539959 CEST50020443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:10.537781000 CEST50020443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:11.347872019 CEST50030443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:11.347899914 CEST44350030104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:11.347968102 CEST50030443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:11.348201990 CEST50030443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:11.348213911 CEST44350030104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:12.031919956 CEST44350030104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:12.033329964 CEST50030443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:12.033345938 CEST44350030104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:12.666856050 CEST44350030104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:12.666918993 CEST44350030104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:12.667078018 CEST50030443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:12.667438030 CEST50030443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:14.459908009 CEST50032443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:14.459964991 CEST44350032104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:14.460042953 CEST50032443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:14.460251093 CEST50032443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:14.460269928 CEST44350032104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.075874090 CEST44350032104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.077229023 CEST50032443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.077260017 CEST44350032104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.646133900 CEST44350032104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.646217108 CEST44350032104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.646365881 CEST50032443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.669436932 CEST50032443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:16.466931105 CEST50034443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:16.466968060 CEST44350034104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:16.467041969 CEST50034443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:16.467288971 CEST50034443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:16.467303038 CEST44350034104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:17.085716963 CEST44350034104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:17.086888075 CEST50034443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:17.086905003 CEST44350034104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:17.362905979 CEST44350034104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:17.362967014 CEST44350034104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:17.363038063 CEST50034443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:17.363409996 CEST50034443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:18.121740103 CEST50036443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:18.121787071 CEST44350036104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:18.121860981 CEST50036443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:18.122097015 CEST50036443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:18.122117996 CEST44350036104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:18.823854923 CEST44350036104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:18.856544018 CEST50036443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:18.856575966 CEST44350036104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:19.415039062 CEST44350036104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:19.415092945 CEST44350036104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:19.415216923 CEST50036443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:19.416059971 CEST50036443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:20.198767900 CEST50038443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:20.198805094 CEST44350038104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:20.198977947 CEST50038443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:20.202908039 CEST50038443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:20.202925920 CEST44350038104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:20.813898087 CEST44350038104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:20.815519094 CEST50038443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:20.815557957 CEST44350038104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:21.368079901 CEST44350038104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:21.368155003 CEST44350038104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:21.368200064 CEST50038443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:21.368535042 CEST50038443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:22.138488054 CEST50040443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:22.138546944 CEST44350040104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:22.138840914 CEST50040443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:22.138987064 CEST50040443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:22.138997078 CEST44350040104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:22.747349024 CEST44350040104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:22.748938084 CEST50040443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:22.748963118 CEST44350040104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:23.378206968 CEST44350040104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:23.378351927 CEST44350040104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:23.378417015 CEST50040443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:23.386214972 CEST50040443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:24.163099051 CEST50042443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:24.163130045 CEST44350042104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:24.163284063 CEST50042443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:24.163660049 CEST50042443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:24.163675070 CEST44350042104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:24.772150993 CEST44350042104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:24.773952961 CEST50042443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:24.773978949 CEST44350042104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:25.337407112 CEST44350042104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:25.337469101 CEST44350042104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:25.337513924 CEST50042443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:25.337965965 CEST50042443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:26.095581055 CEST50044443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:26.095674992 CEST44350044104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:26.095801115 CEST50044443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:26.096116066 CEST50044443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:26.096149921 CEST44350044104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:26.707499027 CEST44350044104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:26.709160089 CEST50044443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:26.709239006 CEST44350044104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:27.289602041 CEST44350044104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:27.289670944 CEST44350044104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:27.289733887 CEST50044443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:27.290149927 CEST50044443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:28.190011978 CEST50046443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:28.190032005 CEST44350046104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:28.190169096 CEST50046443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:28.190345049 CEST50046443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:28.190355062 CEST44350046104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:29.811011076 CEST44350046104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:29.814023972 CEST50046443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:29.814039946 CEST44350046104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:30.387936115 CEST44350046104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:30.388015985 CEST44350046104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:30.388436079 CEST50046443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:30.388452053 CEST44350046104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:30.388479948 CEST50046443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:30.388663054 CEST50046443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:31.125566959 CEST50048443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:31.125586987 CEST44350048104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:31.125653028 CEST50048443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:31.126337051 CEST50048443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:31.126351118 CEST44350048104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:31.745896101 CEST44350048104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:31.750021935 CEST50048443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:31.750055075 CEST44350048104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:32.300204039 CEST44350048104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:32.300276995 CEST44350048104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:32.300400972 CEST50048443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:32.300925970 CEST50048443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:33.068300009 CEST50050443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:33.068325996 CEST44350050104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:33.068423033 CEST50050443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:33.068723917 CEST50050443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:33.068734884 CEST44350050104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:33.681071043 CEST44350050104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:33.685925007 CEST50050443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:33.685946941 CEST44350050104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.308046103 CEST44350050104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.308106899 CEST50050443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.308119059 CEST44350050104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.308129072 CEST44350050104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.308149099 CEST50050443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.308195114 CEST50050443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.308195114 CEST50050443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.316596031 CEST50051443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.316641092 CEST44350051104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.316775084 CEST50051443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.317050934 CEST50051443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.317065954 CEST44350051104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.876333952 CEST50051443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.881123066 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.881200075 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.881287098 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.881666899 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.881701946 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.923336983 CEST44350051104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.937781096 CEST44350051104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:34.937841892 CEST50051443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:35.505500078 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:35.505621910 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:35.507493973 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:35.507524014 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:35.507930040 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:35.508783102 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:35.551326990 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.073954105 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.074040890 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.074528933 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.074593067 CEST44350052104.26.5.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.074635029 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.075654030 CEST50052443192.168.2.7104.26.5.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.843516111 CEST50054443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.843543053 CEST44350054104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.843600988 CEST50054443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.843908072 CEST50054443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.843916893 CEST44350054104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:37.448347092 CEST44350054104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:37.449951887 CEST50054443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:37.449979067 CEST44350054104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.046448946 CEST44350054104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.046508074 CEST44350054104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.046614885 CEST50054443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.047018051 CEST50054443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.935822010 CEST50056443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.935909986 CEST44350056104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.935980082 CEST50056443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.936233997 CEST50056443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:38.936268091 CEST44350056104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:39.555166960 CEST44350056104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:39.556451082 CEST50056443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:39.556526899 CEST44350056104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.112886906 CEST44350056104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.112957954 CEST44350056104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.113440990 CEST50056443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.113440990 CEST50056443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.862617016 CEST50058443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.862647057 CEST44350058104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.862709999 CEST50058443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.863059044 CEST50058443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:40.863070965 CEST44350058104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:41.484745979 CEST44350058104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:41.486404896 CEST50058443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:41.486427069 CEST44350058104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.033988953 CEST44350058104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.034054995 CEST44350058104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.034137011 CEST50058443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.035634995 CEST50058443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.793462992 CEST50060443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.793504953 CEST44350060104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.793567896 CEST50060443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.793982029 CEST50060443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:42.793991089 CEST44350060104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.421291113 CEST44350060104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.423016071 CEST50060443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.423039913 CEST44350060104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.990899086 CEST44350060104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.990958929 CEST44350060104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.991358995 CEST50060443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.991370916 CEST44350060104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.991400957 CEST50060443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:43.991688967 CEST50060443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:44.732944012 CEST50062443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:44.732960939 CEST44350062104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:44.733016014 CEST50062443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:44.733319998 CEST50062443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:44.733329058 CEST44350062104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:45.346149921 CEST44350062104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:45.347954988 CEST50062443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:45.347974062 CEST44350062104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:45.934638023 CEST44350062104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:45.934700012 CEST44350062104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:45.937196970 CEST50062443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:45.937196970 CEST50062443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:46.176809072 CEST50064443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:46.176839113 CEST44350064104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:46.180833101 CEST50064443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:46.184792042 CEST50064443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:46.184803009 CEST44350064104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.124083042 CEST44350064104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.126384974 CEST50064443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.126400948 CEST44350064104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.695617914 CEST44350064104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.695667028 CEST44350064104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.701229095 CEST50064443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.701229095 CEST50064443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.739356995 CEST50066443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.739387989 CEST44350066104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.743164062 CEST50066443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.743791103 CEST50066443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:47.743799925 CEST44350066104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:48.357948065 CEST44350066104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:48.359483004 CEST50066443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:48.359507084 CEST44350066104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:48.949172020 CEST44350066104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:48.949217081 CEST44350066104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:48.949265003 CEST50066443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:48.949762106 CEST50066443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:49.711218119 CEST50068443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:49.711237907 CEST44350068104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:49.719345093 CEST50068443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:49.719345093 CEST50068443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:49.719376087 CEST44350068104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:50.338504076 CEST44350068104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:50.344818115 CEST50068443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:50.344852924 CEST44350068104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:50.936182976 CEST44350068104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:50.936352968 CEST44350068104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:50.936408997 CEST50068443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:50.936841965 CEST50068443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:51.712805033 CEST50070443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:51.712886095 CEST44350070104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:51.712985992 CEST50070443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:51.716841936 CEST50070443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:51.716878891 CEST44350070104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:52.343697071 CEST44350070104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:52.348808050 CEST50070443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:52.348897934 CEST44350070104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:52.938637018 CEST44350070104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:52.938798904 CEST44350070104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:52.938869953 CEST50070443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:52.939462900 CEST50070443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:53.852900982 CEST50072443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:53.852926970 CEST44350072104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:53.853027105 CEST50072443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:53.853275061 CEST50072443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:53.853287935 CEST44350072104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:54.468842030 CEST44350072104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:54.472584963 CEST50072443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:54.472601891 CEST44350072104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:55.053195000 CEST44350072104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:55.053354025 CEST44350072104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:55.053451061 CEST50072443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:55.053817034 CEST50072443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:56.724462032 CEST50074443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:56.724495888 CEST44350074104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:56.724610090 CEST50074443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:56.724908113 CEST50074443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:56.724920988 CEST44350074104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:57.343277931 CEST44350074104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:57.344599009 CEST50074443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:57.344630957 CEST44350074104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:57.902137995 CEST44350074104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:57.902213097 CEST44350074104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:57.903337002 CEST50074443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:57.903337002 CEST50074443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:58.781511068 CEST50076443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:58.781562090 CEST44350076104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:58.781625032 CEST50076443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:58.784688950 CEST50076443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:58.784704924 CEST44350076104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:59.451618910 CEST44350076104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:59.453305960 CEST50076443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:59.453327894 CEST44350076104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.028044939 CEST44350076104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.028218985 CEST44350076104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.028537989 CEST50076443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.028562069 CEST50076443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.795011044 CEST50078443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.795041084 CEST44350078104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.795100927 CEST50078443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.795353889 CEST50078443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:00.795372009 CEST44350078104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.423275948 CEST44350078104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.425205946 CEST50078443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.425223112 CEST44350078104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.993163109 CEST44350078104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.993313074 CEST44350078104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.994544029 CEST50078443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.994544029 CEST50078443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.994555950 CEST44350078104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:01.994822025 CEST50078443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:02.890448093 CEST50080443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:02.890502930 CEST44350080104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:02.890568972 CEST50080443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:02.890957117 CEST50080443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:02.890978098 CEST44350080104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:03.534918070 CEST44350080104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:03.536178112 CEST50080443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:03.536210060 CEST44350080104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:04.127684116 CEST44350080104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:04.127826929 CEST44350080104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:04.127916098 CEST50080443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:04.128333092 CEST50080443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:05.004966021 CEST50082443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:05.005022049 CEST44350082104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:05.005081892 CEST50082443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:05.005539894 CEST50082443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:05.005559921 CEST44350082104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:05.638663054 CEST44350082104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:05.640137911 CEST50082443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:05.640173912 CEST44350082104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.193880081 CEST44350082104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.194035053 CEST44350082104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.194180012 CEST50082443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.194634914 CEST50082443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.962755919 CEST50084443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.962850094 CEST44350084104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.962928057 CEST50084443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.963257074 CEST50084443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:06.963310003 CEST44350084104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:07.576078892 CEST44350084104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:07.594600916 CEST50084443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:07.594634056 CEST44350084104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.152087927 CEST44350084104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.152266026 CEST44350084104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.152364969 CEST50084443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.152601004 CEST50084443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.899235964 CEST50086443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.899293900 CEST44350086104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.899399996 CEST50086443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.899636984 CEST50086443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:08.899665117 CEST44350086104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:09.531816006 CEST44350086104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:09.534076929 CEST50086443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:09.534162998 CEST44350086104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.080120087 CEST44350086104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.080286026 CEST44350086104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.082310915 CEST50086443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.082413912 CEST44350086104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.082493067 CEST50086443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.082539082 CEST50086443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.833512068 CEST50088443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.833550930 CEST44350088104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.833620071 CEST50088443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.833890915 CEST50088443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:10.833904982 CEST44350088104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:11.453577995 CEST44350088104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:11.455554008 CEST50088443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:11.455579996 CEST44350088104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:11.757411003 CEST44350088104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:11.757498980 CEST44350088104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:11.757658005 CEST50088443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:11.759242058 CEST50088443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:12.525019884 CEST50090443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:12.525054932 CEST44350090104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:12.525316000 CEST50090443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:12.525691986 CEST50090443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:12.525702953 CEST44350090104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:13.154817104 CEST44350090104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:13.156904936 CEST50090443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:13.156934977 CEST44350090104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:13.738518000 CEST44350090104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:13.738601923 CEST44350090104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:13.738938093 CEST50090443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:13.739327908 CEST50090443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:14.499329090 CEST50092443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:14.499373913 CEST44350092104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:14.503459930 CEST50092443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:14.503814936 CEST50092443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:14.503838062 CEST44350092104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:15.120397091 CEST44350092104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:15.122119904 CEST50092443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:15.122140884 CEST44350092104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.194477081 CEST44350092104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.194545031 CEST44350092104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.195038080 CEST50092443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.195038080 CEST50092443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.195067883 CEST44350092104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.195338964 CEST50092443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.956397057 CEST50094443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.956440926 CEST44350094104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.956501961 CEST50094443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.956774950 CEST50094443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.956792116 CEST44350094104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:17.572633028 CEST44350094104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:17.574321032 CEST50094443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:17.574352980 CEST44350094104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.160521984 CEST44350094104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.160728931 CEST44350094104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.163500071 CEST50094443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.167347908 CEST50094443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.347490072 CEST50096443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.347572088 CEST44350096104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.347707987 CEST50096443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.348135948 CEST50096443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.348161936 CEST44350096104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.993211031 CEST44350096104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.994714022 CEST50096443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:18.994751930 CEST44350096104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:19.631563902 CEST44350096104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:19.631643057 CEST44350096104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:19.631697893 CEST50096443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:19.632189035 CEST50096443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:20.404819012 CEST50098443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:20.404856920 CEST44350098104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:20.408876896 CEST50098443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:20.412817955 CEST50098443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:20.412834883 CEST44350098104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:21.023394108 CEST44350098104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:21.025190115 CEST50098443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:21.025233030 CEST44350098104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:21.632478952 CEST44350098104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:21.632677078 CEST44350098104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:21.632745028 CEST50098443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:21.632949114 CEST50098443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:22.370856047 CEST50100443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:22.370893955 CEST44350100104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:22.370980024 CEST50100443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:22.371457100 CEST50100443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:22.371470928 CEST44350100104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:22.992954016 CEST44350100104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:22.994414091 CEST50100443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:22.994432926 CEST44350100104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:23.572973013 CEST44350100104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:23.573134899 CEST44350100104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:23.573185921 CEST50100443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:23.573532104 CEST50100443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:24.560561895 CEST50102443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:24.560589075 CEST44350102104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:24.561106920 CEST50102443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:24.561106920 CEST50102443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:24.561127901 CEST44350102104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:25.189966917 CEST44350102104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:25.191602945 CEST50102443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:25.191628933 CEST44350102104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:25.742520094 CEST44350102104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:25.742664099 CEST44350102104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:25.742726088 CEST50102443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:25.743132114 CEST50102443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:26.516846895 CEST50104443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:26.516952038 CEST44350104104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:26.517714024 CEST50104443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:26.517714024 CEST50104443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:26.517796993 CEST44350104104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:27.138500929 CEST44350104104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:27.140295029 CEST50104443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:27.140389919 CEST44350104104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:27.717407942 CEST44350104104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:27.717586040 CEST44350104104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:27.717668056 CEST50104443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:27.717957020 CEST50104443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:28.595267057 CEST50106443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:28.595294952 CEST44350106104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:28.595751047 CEST50106443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:28.596828938 CEST50106443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:28.596842051 CEST44350106104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:29.231878996 CEST44350106104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:29.282351971 CEST50106443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:29.286964893 CEST50106443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:29.286979914 CEST44350106104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:29.570871115 CEST44350106104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:29.570936918 CEST44350106104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:29.571007013 CEST50106443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:29.572046041 CEST50106443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:30.458945990 CEST50108443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:30.458995104 CEST44350108104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:30.459127903 CEST50108443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:30.463047981 CEST50108443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:30.463064909 CEST44350108104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:33.138022900 CEST44350108104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:33.139589071 CEST50108443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:33.139616966 CEST44350108104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:33.735215902 CEST44350108104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:33.735280037 CEST44350108104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:33.735361099 CEST50108443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:33.735690117 CEST50108443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:34.099338055 CEST50110443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:34.099374056 CEST44350110104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:34.099951982 CEST50110443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:34.102642059 CEST50110443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:34.102657080 CEST44350110104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:34.713371992 CEST44350110104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:34.720843077 CEST50110443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:34.720874071 CEST44350110104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:35.280626059 CEST44350110104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:35.280745983 CEST44350110104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:35.280797958 CEST50110443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:35.281222105 CEST50110443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:36.028938055 CEST50112443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:36.029016018 CEST44350112104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:36.029110909 CEST50112443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:36.029412985 CEST50112443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:36.029432058 CEST44350112104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:36.646586895 CEST44350112104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:36.648843050 CEST50112443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:36.648869038 CEST44350112104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.207627058 CEST44350112104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.207701921 CEST44350112104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.207753897 CEST50112443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.208178043 CEST50112443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.954988956 CEST50114443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.955033064 CEST44350114104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.959337950 CEST50114443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.963140011 CEST50114443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:37.963176012 CEST44350114104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:38.573718071 CEST44350114104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:38.580894947 CEST50114443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:38.580929041 CEST44350114104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:39.153580904 CEST44350114104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:39.153636932 CEST44350114104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:39.153691053 CEST50114443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:39.154160023 CEST50114443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:40.020989895 CEST50116443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:40.021023989 CEST44350116104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:40.024899006 CEST50116443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:40.025373936 CEST50116443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:40.025384903 CEST44350116104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:40.648981094 CEST44350116104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:40.654371977 CEST50116443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:40.654401064 CEST44350116104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.217895985 CEST44350116104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.217969894 CEST44350116104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.218020916 CEST50116443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.218502998 CEST50116443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.985727072 CEST50118443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.985764027 CEST44350118104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.986115932 CEST50118443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.987405062 CEST50118443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:41.987417936 CEST44350118104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:42.604342937 CEST44350118104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:42.612881899 CEST50118443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:42.612912893 CEST44350118104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.172857046 CEST44350118104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.172940016 CEST44350118104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.172990084 CEST50118443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.173547983 CEST50118443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.914820910 CEST50120443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.914861917 CEST44350120104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.920911074 CEST50120443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.920911074 CEST50120443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:43.920947075 CEST44350120104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:44.546390057 CEST44350120104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:44.552920103 CEST50120443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:44.552932978 CEST44350120104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:44.873083115 CEST44350120104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:44.873182058 CEST44350120104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:44.873236895 CEST50120443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:44.873754978 CEST50120443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:45.655981064 CEST50122443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:45.656013966 CEST44350122104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:45.656100035 CEST50122443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:45.656323910 CEST50122443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:45.656336069 CEST44350122104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:46.336628914 CEST44350122104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:46.338020086 CEST50122443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:46.338037968 CEST44350122104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:46.954374075 CEST44350122104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:46.954457998 CEST44350122104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:46.954538107 CEST50122443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:46.954969883 CEST50122443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:47.710777044 CEST50124443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:47.710819006 CEST44350124104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:47.710882902 CEST50124443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:47.711220980 CEST50124443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:47.711230993 CEST44350124104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:48.334055901 CEST44350124104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:48.336846113 CEST50124443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:48.336880922 CEST44350124104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:48.959780931 CEST44350124104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:48.959945917 CEST44350124104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:48.960014105 CEST50124443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:48.960401058 CEST50124443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:49.696563959 CEST50126443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:49.696585894 CEST44350126104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:49.696640968 CEST50126443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:49.696964979 CEST50126443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:49.696974993 CEST44350126104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:50.320326090 CEST44350126104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:50.321660042 CEST50126443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:50.321692944 CEST44350126104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:50.895524025 CEST44350126104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:50.895606995 CEST44350126104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:50.895658970 CEST50126443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:50.896394014 CEST50126443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:51.641024113 CEST50128443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:51.641060114 CEST44350128104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:51.641134024 CEST50128443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:51.641377926 CEST50128443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:51.641387939 CEST44350128104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:52.256196976 CEST44350128104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:52.260481119 CEST50128443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:52.260502100 CEST44350128104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:52.813442945 CEST44350128104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:52.813515902 CEST44350128104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:52.813730001 CEST50128443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:52.815023899 CEST50128443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:53.608068943 CEST50130443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:53.608095884 CEST44350130104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:53.608165979 CEST50130443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:53.612116098 CEST50130443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:53.612123966 CEST44350130104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:54.222476959 CEST44350130104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:54.224189043 CEST50130443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:54.224205971 CEST44350130104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:54.809798956 CEST44350130104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:54.809958935 CEST44350130104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:54.810048103 CEST50130443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:54.811594009 CEST50130443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:55.577959061 CEST50132443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:55.578048944 CEST44350132104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:55.578129053 CEST50132443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:55.578429937 CEST50132443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:55.578479052 CEST44350132104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:56.199173927 CEST44350132104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:56.202913046 CEST50132443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:56.202987909 CEST44350132104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:56.775861025 CEST44350132104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:56.776053905 CEST44350132104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:56.776810884 CEST50132443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:56.786740065 CEST50132443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:57.692847013 CEST50134443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:57.692925930 CEST44350134104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:57.693012953 CEST50134443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:57.693685055 CEST50134443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:57.693715096 CEST44350134104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:58.312647104 CEST44350134104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:58.317310095 CEST50134443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:58.317378044 CEST44350134104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:58.861391068 CEST44350134104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:58.861478090 CEST44350134104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:58.861536980 CEST50134443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:58.862442970 CEST50134443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:59.780802965 CEST50136443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:59.780872107 CEST44350136104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:59.780932903 CEST50136443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:59.781325102 CEST50136443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:59.781342030 CEST44350136104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:00.397842884 CEST44350136104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:00.400876045 CEST50136443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:00.400916100 CEST44350136104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:00.963028908 CEST44350136104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:00.963107109 CEST44350136104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:00.963155031 CEST50136443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:00.963655949 CEST50136443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:01.722646952 CEST50138443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:01.722681046 CEST44350138104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:01.722779036 CEST50138443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:01.723017931 CEST50138443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:01.723035097 CEST44350138104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:02.348994970 CEST44350138104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:02.352303982 CEST50138443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:02.352332115 CEST44350138104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:02.956096888 CEST44350138104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:02.956165075 CEST44350138104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:02.956213951 CEST50138443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:02.957133055 CEST50138443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:03.713932037 CEST50140443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:03.714035988 CEST44350140104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:03.714123964 CEST50140443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:03.714391947 CEST50140443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:03.714425087 CEST44350140104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:04.339998007 CEST44350140104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:04.348867893 CEST50140443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:04.348898888 CEST44350140104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:04.901855946 CEST44350140104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:04.902007103 CEST44350140104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:04.902054071 CEST50140443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:04.902708054 CEST50140443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.798938990 CEST50142443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.798964024 CEST44350142104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.799228907 CEST50142443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.799228907 CEST50142443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.799253941 CEST44350142104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.829912901 CEST50142443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.832942009 CEST50143443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.832973003 CEST44350143104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.833260059 CEST50143443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.833688974 CEST50143443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.833698988 CEST44350143104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:05.875340939 CEST44350142104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.450731039 CEST44350143104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.450862885 CEST50143443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.455080032 CEST50143443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.455091000 CEST44350143104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.455442905 CEST44350143104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.456589937 CEST50143443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.460989952 CEST44350142104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.461127996 CEST50142443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:06.503329039 CEST44350143104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.009440899 CEST44350143104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.009507895 CEST44350143104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.009571075 CEST50143443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.010032892 CEST50143443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.859939098 CEST50145443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.859966993 CEST44350145104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.863214016 CEST50145443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.863214016 CEST50145443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:07.863238096 CEST44350145104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:08.732878923 CEST44350145104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:08.734225035 CEST50145443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:08.734256983 CEST44350145104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:09.536559105 CEST44350145104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:09.536734104 CEST44350145104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:09.536789894 CEST50145443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:09.537271023 CEST50145443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:10.293962002 CEST50147443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:10.294001102 CEST44350147104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:10.294260979 CEST50147443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:10.295285940 CEST50147443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:10.295303106 CEST44350147104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:10.907680988 CEST44350147104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:10.913523912 CEST50147443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:10.913543940 CEST44350147104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:11.467544079 CEST44350147104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:11.467729092 CEST44350147104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:11.467787027 CEST50147443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:11.468266964 CEST50147443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:12.241517067 CEST50149443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:12.241535902 CEST44350149104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:12.241697073 CEST50149443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:12.242069960 CEST50149443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:12.242084980 CEST44350149104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:12.854662895 CEST44350149104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:12.859055996 CEST50149443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:12.859098911 CEST44350149104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:13.191983938 CEST50149443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:13.192126989 CEST44350149104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:13.192214966 CEST50149443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:13.196069002 CEST50150443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:13.196105957 CEST44350150104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:13.196171999 CEST50150443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:13.196441889 CEST50150443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:13.196455002 CEST44350150104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.015064955 CEST44350150104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.015197039 CEST50150443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.018452883 CEST50150443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.018484116 CEST44350150104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.018876076 CEST44350150104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.019912004 CEST50150443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.067380905 CEST44350150104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.580184937 CEST44350150104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.580338955 CEST44350150104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.585059881 CEST50150443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:14.593782902 CEST50150443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:15.396548033 CEST50152443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:15.396584988 CEST44350152104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:15.396639109 CEST50152443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:15.397000074 CEST50152443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:15.397012949 CEST44350152104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.010360003 CEST44350152104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.012301922 CEST50152443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.012327909 CEST44350152104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.565000057 CEST44350152104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.565074921 CEST44350152104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.565180063 CEST50152443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.566122055 CEST50152443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.707525015 CEST50154443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.707566977 CEST44350154104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.713212967 CEST50154443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.713212967 CEST50154443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.713248014 CEST44350154104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:17.327788115 CEST44350154104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:17.381927967 CEST50154443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:17.381964922 CEST44350154104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:17.951539993 CEST44350154104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:17.951592922 CEST44350154104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:17.953953028 CEST50154443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:17.957346916 CEST50154443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:18.922363997 CEST50156443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:18.922400951 CEST44350156104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:18.922487020 CEST50156443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:18.922902107 CEST50156443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:18.922910929 CEST44350156104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:19.549616098 CEST44350156104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:19.551338911 CEST50156443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:19.551371098 CEST44350156104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.131513119 CEST44350156104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.131598949 CEST44350156104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.136112928 CEST50156443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.136818886 CEST50156443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.903819084 CEST50158443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.903846025 CEST44350158104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.903915882 CEST50158443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.904436111 CEST50158443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:20.904448032 CEST44350158104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:21.551894903 CEST44350158104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:21.553708076 CEST50158443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:21.553724051 CEST44350158104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.143481016 CEST44350158104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.143558979 CEST44350158104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.143829107 CEST50158443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.144556999 CEST50158443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.923944950 CEST50160443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.923962116 CEST44350160104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.924021959 CEST50160443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.924319983 CEST50160443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.924333096 CEST44350160104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.423546076 CEST50160443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.427299023 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.427340031 CEST44350161104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.427393913 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.427755117 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.427767038 CEST44350161104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.467336893 CEST44350160104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.550024986 CEST44350160104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:23.550081968 CEST50160443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.081609011 CEST44350161104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.082195044 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.084034920 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.084043980 CEST44350161104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.084315062 CEST44350161104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.087299109 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.131329060 CEST44350161104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.191946030 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.192023993 CEST44350161104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.192203999 CEST44350161104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.192727089 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.192727089 CEST50161443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.194952011 CEST50162443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.194983959 CEST44350162104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.199704885 CEST50162443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.204891920 CEST50162443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.204909086 CEST44350162104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.823559046 CEST44350162104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.825371981 CEST50162443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.825371981 CEST50162443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.825392008 CEST44350162104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.825687885 CEST44350162104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.831214905 CEST50162443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:24.875323057 CEST44350162104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.393426895 CEST44350162104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.393491983 CEST44350162104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.393543959 CEST50162443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.394056082 CEST50162443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.722549915 CEST50164443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.722604036 CEST44350164104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.722672939 CEST50164443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.722907066 CEST50164443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:25.722919941 CEST44350164104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:26.343437910 CEST44350164104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:26.375122070 CEST50164443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:26.375164032 CEST44350164104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:26.655786037 CEST44350164104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:26.655853987 CEST44350164104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:26.659045935 CEST50164443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:26.669697046 CEST50164443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:27.417650938 CEST50166443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:27.417682886 CEST44350166104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:27.417747021 CEST50166443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:27.417972088 CEST50166443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:27.417983055 CEST44350166104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:28.188718081 CEST44350166104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:28.190356016 CEST50166443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:28.190376997 CEST44350166104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:28.752120018 CEST44350166104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:28.752186060 CEST44350166104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:28.752516031 CEST50166443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:28.752890110 CEST50166443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.400950909 CEST50168443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.400979996 CEST44350168104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.401324987 CEST50168443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.404880047 CEST50168443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.404898882 CEST44350168104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.440948009 CEST50168443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.441761971 CEST50169443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.441803932 CEST44350169104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.441890001 CEST50169443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.442209959 CEST50169443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.442229033 CEST44350169104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:30.487339973 CEST44350168104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.022114038 CEST44350168104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.022175074 CEST50168443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.087888956 CEST44350169104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.087959051 CEST50169443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.090174913 CEST50169443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.090183020 CEST44350169104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.090449095 CEST44350169104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.091447115 CEST50169443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.135344028 CEST44350169104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.661636114 CEST44350169104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.661699057 CEST44350169104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.661742926 CEST50169443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:31.662303925 CEST50169443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:32.477055073 CEST50171443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:32.477091074 CEST44350171104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:32.477256060 CEST50171443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:32.479051113 CEST50171443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:32.479062080 CEST44350171104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:33.095736980 CEST44350171104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:33.097412109 CEST50171443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:33.097433090 CEST44350171104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:33.673810005 CEST44350171104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:33.673974991 CEST44350171104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:33.674052000 CEST50171443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:33.674375057 CEST50171443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:34.453234911 CEST50173443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:34.453278065 CEST44350173104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:34.453702927 CEST50173443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:34.454946041 CEST50173443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:34.454957962 CEST44350173104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:35.090553999 CEST44350173104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:35.092221022 CEST50173443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:35.092247009 CEST44350173104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:35.379843950 CEST44350173104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:35.380001068 CEST44350173104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:35.380057096 CEST50173443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:35.380424023 CEST50173443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:36.246560097 CEST50175443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:36.246593952 CEST44350175104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:36.246731043 CEST50175443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:36.246982098 CEST50175443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:36.246994019 CEST44350175104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:36.868741989 CEST44350175104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:36.870568991 CEST50175443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:36.870596886 CEST44350175104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:37.418900013 CEST44350175104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:37.419097900 CEST44350175104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:37.419147015 CEST50175443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:37.422355890 CEST50175443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:38.179914951 CEST50177443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:38.179940939 CEST44350177104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:38.180098057 CEST50177443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:38.182749033 CEST50177443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:38.182760954 CEST44350177104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:38.801779032 CEST44350177104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:38.808936119 CEST50177443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:38.808969021 CEST44350177104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:39.380377054 CEST44350177104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:39.380532980 CEST44350177104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:39.380588055 CEST50177443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:39.381023884 CEST50177443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:40.139591932 CEST50179443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:40.139605045 CEST44350179104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:40.139717102 CEST50179443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:40.142949104 CEST50179443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:40.142959118 CEST44350179104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:40.753804922 CEST44350179104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:40.760340929 CEST50179443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:40.760368109 CEST44350179104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.036257029 CEST44350179104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.036307096 CEST44350179104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.036364079 CEST50179443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.037030935 CEST50179443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.900862932 CEST50181443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.900891066 CEST44350181104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.900958061 CEST50181443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.901185989 CEST50181443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:41.901197910 CEST44350181104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:42.517582893 CEST44350181104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:42.520935059 CEST50181443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:42.520963907 CEST44350181104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.081746101 CEST44350181104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.081832886 CEST44350181104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.081877947 CEST50181443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.082355976 CEST50181443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.960938931 CEST50183443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.960968971 CEST44350183104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.964036942 CEST50183443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.966953039 CEST50183443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:43.966969967 CEST44350183104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:44.586232901 CEST44350183104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:44.591360092 CEST50183443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:44.591377020 CEST44350183104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.151524067 CEST44350183104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.151698112 CEST44350183104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.151755095 CEST50183443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.152235985 CEST50183443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.901266098 CEST50185443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.901299000 CEST44350185104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.901415110 CEST50185443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.901717901 CEST50185443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:45.901731968 CEST44350185104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:46.521827936 CEST44350185104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:46.524513006 CEST50185443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:46.524549007 CEST44350185104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.128150940 CEST44350185104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.128323078 CEST44350185104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.128395081 CEST50185443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.128774881 CEST50185443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.491784096 CEST50187443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.491818905 CEST44350187104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.491875887 CEST50187443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.492278099 CEST50187443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:47.492286921 CEST44350187104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:48.114244938 CEST44350187104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:48.116956949 CEST50187443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:48.116975069 CEST44350187104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:48.696471930 CEST44350187104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:48.696557045 CEST44350187104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:48.697384119 CEST50187443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:48.697384119 CEST50187443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:49.460263968 CEST50189443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:49.460305929 CEST44350189104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:49.460377932 CEST50189443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:49.460613012 CEST50189443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:49.460629940 CEST44350189104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:50.093198061 CEST44350189104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:50.094965935 CEST50189443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:50.095050097 CEST44350189104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:50.643923998 CEST44350189104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:50.644007921 CEST44350189104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:50.644184113 CEST50189443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:50.644958019 CEST50189443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:51.472284079 CEST50191443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:51.472346067 CEST44350191104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:51.472414017 CEST50191443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:51.472768068 CEST50191443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:51.472795010 CEST44350191104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:52.092264891 CEST44350191104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:52.097038984 CEST50191443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:52.097085953 CEST44350191104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:52.651500940 CEST44350191104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:52.651560068 CEST44350191104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:52.652175903 CEST50191443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:52.652175903 CEST50191443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:53.419930935 CEST50193443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:53.419965982 CEST44350193104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:53.420022011 CEST50193443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:53.420310020 CEST50193443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:53.420325994 CEST44350193104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:54.031300068 CEST44350193104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:54.034221888 CEST50193443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:54.034248114 CEST44350193104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:54.629897118 CEST44350193104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:54.629970074 CEST44350193104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:54.630055904 CEST50193443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:54.630527020 CEST50193443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:55.400391102 CEST50195443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:55.400420904 CEST44350195104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:55.400481939 CEST50195443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:55.400878906 CEST50195443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:55.400892019 CEST44350195104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:56.033926010 CEST44350195104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:56.035495996 CEST50195443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:56.035518885 CEST44350195104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:56.599412918 CEST44350195104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:56.599492073 CEST44350195104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:56.599811077 CEST50195443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:56.600946903 CEST50195443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.406929970 CEST50197443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.406963110 CEST44350197104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.407021999 CEST50197443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.407429934 CEST50197443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.407440901 CEST44350197104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.673764944 CEST50197443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.676897049 CEST50198443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.676996946 CEST44350198104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.677077055 CEST50198443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.677407026 CEST50198443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.677458048 CEST44350198104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:57.715325117 CEST44350197104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.016997099 CEST44350197104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.017179966 CEST44350197104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.020067930 CEST50197443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.020067930 CEST50197443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.326339006 CEST44350198104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.326529026 CEST50198443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.354062080 CEST50198443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.354100943 CEST44350198104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.354468107 CEST44350198104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.355529070 CEST50198443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.399343014 CEST44350198104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.916858912 CEST44350198104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.916924953 CEST44350198104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.917099953 CEST50198443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:58.918905020 CEST50198443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:59.688457012 CEST50200443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:59.688553095 CEST44350200104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:59.688626051 CEST50200443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:59.689112902 CEST50200443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:59.689150095 CEST44350200104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:00.312568903 CEST44350200104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:00.315011024 CEST50200443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:00.315038919 CEST44350200104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:00.997260094 CEST44350200104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:00.997334003 CEST44350200104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:00.997387886 CEST50200443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:00.997895956 CEST50200443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:01.759397030 CEST50202443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:01.759433031 CEST44350202104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:01.759495974 CEST50202443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:01.759705067 CEST50202443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:01.759712934 CEST44350202104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:02.362921953 CEST44350202104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:02.364212990 CEST50202443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:02.364283085 CEST44350202104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:02.926310062 CEST44350202104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:02.926377058 CEST44350202104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:02.929096937 CEST50202443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:02.930669069 CEST50202443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:03.412331104 CEST50204443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:03.412377119 CEST44350204104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:03.412444115 CEST50204443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:03.412710905 CEST50204443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:03.412725925 CEST44350204104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:04.066893101 CEST44350204104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:04.073044062 CEST50204443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:04.073116064 CEST44350204104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:04.651570082 CEST44350204104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:04.651648998 CEST44350204104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:04.652726889 CEST50204443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:04.652726889 CEST50204443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:05.415839911 CEST50206443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:05.415873051 CEST44350206104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:05.415929079 CEST50206443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:05.416199923 CEST50206443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:05.416210890 CEST44350206104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:06.030654907 CEST44350206104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:06.035022974 CEST50206443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:06.035059929 CEST44350206104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:06.673500061 CEST44350206104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:06.673664093 CEST44350206104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:06.677504063 CEST50206443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:06.677504063 CEST50206443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:07.733786106 CEST50208443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:07.733824968 CEST44350208104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:07.733882904 CEST50208443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:07.734152079 CEST50208443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:07.734165907 CEST44350208104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:08.363554001 CEST44350208104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:08.369034052 CEST50208443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:08.369054079 CEST44350208104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:09.459842920 CEST44350208104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:09.460014105 CEST44350208104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:09.460058928 CEST50208443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:09.460545063 CEST50208443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:10.385940075 CEST50210443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:10.385977030 CEST44350210104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:10.386459112 CEST50210443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:10.387005091 CEST50210443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:10.387025118 CEST44350210104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.520539045 CEST50210443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.523864031 CEST50211443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.523904085 CEST44350211104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.523956060 CEST50211443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.524240971 CEST50211443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.524249077 CEST44350211104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.563347101 CEST44350210104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.769140959 CEST44350210104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:11.769233942 CEST50210443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:12.972249985 CEST44350211104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:12.972347975 CEST50211443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:13.498456001 CEST50211443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:13.498481989 CEST44350211104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:13.498866081 CEST44350211104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:13.499933004 CEST50211443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:13.547327042 CEST44350211104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:14.078255892 CEST44350211104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:14.078313112 CEST44350211104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:14.078358889 CEST50211443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:14.078737974 CEST50211443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:21.715934992 CEST50213443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:21.716002941 CEST44350213104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:21.716099024 CEST50213443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:21.716499090 CEST50213443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:21.716533899 CEST44350213104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.334764957 CEST44350213104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.336467028 CEST50213443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.336566925 CEST44350213104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.908526897 CEST44350213104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.908689022 CEST44350213104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.909090996 CEST50213443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.909163952 CEST44350213104.26.4.30192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.909198999 CEST50213443192.168.2.7104.26.4.30
                                                                                                                                                                                                                                                Oct 25, 2024 18:10:22.909235001 CEST50213443192.168.2.7104.26.4.30

                                                                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.271174908 CEST6015553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.279027939 CEST53601551.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.822694063 CEST6288153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.670308113 CEST4983553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.834678888 CEST6495553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.842820883 CEST53649551.1.1.1192.168.2.7
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.199033022 CEST5172653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.566975117 CEST5618753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.914426088 CEST6128253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.923294067 CEST53612821.1.1.1192.168.2.7

                                                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.271174908 CEST192.168.2.71.1.1.10x9ca9Standard query (0)picsum.photosA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.822694063 CEST192.168.2.71.1.1.10xa887Standard query (0)fastly.picsum.photosA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.670308113 CEST192.168.2.71.1.1.10xcd9aStandard query (0)fastly.picsum.photosA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.834678888 CEST192.168.2.71.1.1.10x92b7Standard query (0)picsum.photosA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.199033022 CEST192.168.2.71.1.1.10x1729Standard query (0)fastly.picsum.photosA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.566975117 CEST192.168.2.71.1.1.10x5f36Standard query (0)fastly.picsum.photosA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.914426088 CEST192.168.2.71.1.1.10xc5deStandard query (0)picsum.photosA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.279027939 CEST1.1.1.1192.168.2.70x9ca9No error (0)picsum.photos104.26.5.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.279027939 CEST1.1.1.1192.168.2.70x9ca9No error (0)picsum.photos172.67.74.163A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:12.279027939 CEST1.1.1.1192.168.2.70x9ca9No error (0)picsum.photos104.26.4.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:06:13.833400011 CEST1.1.1.1192.168.2.70xa887No error (0)fastly.picsum.photosdualstack.n.sni.global.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:15.681025028 CEST1.1.1.1192.168.2.70xcd9aNo error (0)fastly.picsum.photosdualstack.n.sni.global.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.842820883 CEST1.1.1.1192.168.2.70x92b7No error (0)picsum.photos104.26.4.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.842820883 CEST1.1.1.1192.168.2.70x92b7No error (0)picsum.photos104.26.5.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:07:36.842820883 CEST1.1.1.1192.168.2.70x92b7No error (0)picsum.photos172.67.74.163A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:08:16.208643913 CEST1.1.1.1192.168.2.70x1729No error (0)fastly.picsum.photosdualstack.n.sni.global.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:16.577771902 CEST1.1.1.1192.168.2.70x5f36No error (0)fastly.picsum.photosdualstack.n.sni.global.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.923294067 CEST1.1.1.1192.168.2.70xc5deNo error (0)picsum.photos104.26.4.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.923294067 CEST1.1.1.1192.168.2.70xc5deNo error (0)picsum.photos104.26.5.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                Oct 25, 2024 18:09:22.923294067 CEST1.1.1.1192.168.2.70xc5deNo error (0)picsum.photos172.67.74.163A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                                                                • picsum.photos

                                                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                0192.168.2.749699104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:13 UTC79OUTGET /200/300?random=1 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                2024-10-25 16:06:13 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:13 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/570/200/300.jpg?hmac=fMlqjNmBSgN75P_tCU-PVSGzRYQxU23Xqd593HxZSZQ
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AKPswcVNhUntDSrhZI%2FwzLUTZ%2FvR1VBV07fzDshLLrX4twEvndg6AEsL50G%2FrbZlduHDEI6UxeDtcxTK29BJl7oZCv7AxUay0P7fBG%2F6LHbuRStEy0ytJfuB3aTMaLE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8373dbd8ea6bec-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                1192.168.2.749704104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:15 UTC55OUTGET /200/300?random=2 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:16 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:16 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/382/200/300.jpg?hmac=ql7Jj1WJu3zhhAn2p18Oxdn-JE1qZBR-lDF-MOVXCUA
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C2XZhgjXtqmiHQhOoSLSNiFOj5bFMs8TtW0rifuNVza31UoghOHIm0slgQzzLDK496E%2BQxLLcHLvM%2BFhkdg3z%2BHUw5%2Ftb36ROQMJsjtJrJSPuDgXF6WB0dJD3cjdb%2Fs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8373ebedaf345e-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                2192.168.2.749707104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:17 UTC55OUTGET /200/300?random=3 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:18 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:18 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/327/200/300.jpg?hmac=4XafWFg8DGNzz5ATxgKAXnhZmeCXdFEtK86ehmyQlE4
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BSMfLs9bLvgVhlcFE2N5eu1JfNiPE45caIKHzIwZpeON98%2Fq1m92Wl96RSGuHPrmhL6QEVMrjppN8eqz8Ii2RGpD7veqt307GSaErvhm8zrWtqouAVsHFVSdbn8uEJc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8373f86abb3ab6-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                3192.168.2.749715104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:19 UTC55OUTGET /200/300?random=4 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:20 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:20 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/114/200/300.jpg?hmac=RsaHLtW_cVJ2g7oCf2cW_kkIsaHv3QPZgv81ZYH5-aA
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=geF3BwtdiqUSPDqHg%2BFJfLXd7nN17G6cQfkTRLUb4slprob1yx3GjyobfRXtMWSTS2QVGgiyRPxzLnGZcFhnRqq8R6esTjrR2GpK%2BlH4S8mKZ7cG3RB%2B75q3fqV0Oiw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374055acf47fd-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                4192.168.2.749723104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:21 UTC55OUTGET /200/300?random=5 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:22 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:22 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/814/200/300.jpg?hmac=Fdr3IdVM_oeEBSotkbzIZJ1ifzyImebBI2d7cIMNJLM
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ehkF%2BLDrEeWCMJAFYp%2FFZlIV%2F5XIlBLHYPUEqRoy3LmmVxLiBXc1QQJbgPrd8tEA9kX45bJ8XhTr8%2FH1n1IUAIHB8QnzHd7ZhUlC4SPNwk6aFjBkomz02DzwYEomNIM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837411e87c4680-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                5192.168.2.749738104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:24 UTC55OUTGET /200/300?random=6 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:24 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:24 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/756/200/300.jpg?hmac=kojqQY60yVD4KaSEFOEw62LRuwfiOR2f-6ZdnEgKhxM
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MVZCGgD8jgmKgRpTPzSlnKlpHtE1mNIoJiHtyhsIYK%2FQj62YYALZiGtNrJ1R7UlSW3hlq6NPzUyp4lhvb6%2Fjo%2FfhqdOAQvBG61tcyFDgmzut0oqNOaTjJwiYU3E7Niw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837420ac086bd7-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                6192.168.2.749748104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:26 UTC55OUTGET /200/300?random=7 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:26 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:26 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/867/200/300.jpg?hmac=l9Sb50fRDDS2EGp1lHYsoxOdsO88E-eRygNU36pTQ-s
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wRO7g5X9OAaqKM%2FRld%2F1NfHVTfSATIjJ9Bq4b1dwcm35ayHK2Vnb92A%2Bv6hotbUtyKS3cALswnMpNnQ14Uik0aUucd5R7h%2FGoOmpktC3YNAVPMaxp%2FB6MdfLjapgS3o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83742e5c1d699a-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                7192.168.2.749762104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:28 UTC55OUTGET /200/300?random=8 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:29 UTC791INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:28 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/316/200/300.jpg?hmac=sq0VBO6H0wGg9Prod7MVUUB_7B91kmD5E1X1TRSo66U
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hxnAHm1%2FFK9PYHpf6REGR8Gi8X7cORDge%2FuEIXm2Ik7AkwnQ%2B6fO3N6uUeg3s8ApoMCWBoHyjjB0Mcp8s15ZUGsFXFAAvn%2FsAPuhd%2BWZYILeBN1kHbtP4j%2BYzEGoGqE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83743bec2a6be4-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                8192.168.2.749780104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:30 UTC55OUTGET /200/300?random=9 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:31 UTC784INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:31 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/36/200/300.jpg?hmac=yeKKPp3h_shxmrZgoKPc6ix1TOSmkj8Rs9FZVpFzljA
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cns5NSCYqwlmT51nvCj1zCnSSQXDOoBeefj2MKvzx1oxvyeiEus2mVQTkret2U%2FXyG5FhNEgluwNoymZOihugW98V51xsRiQUJCEJ0irrop%2F%2BHpx5GCBCuORi4MlxOE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83744ab9c9e8f5-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                9192.168.2.749793104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:32 UTC56OUTGET /200/300?random=10 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:33 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:33 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/880/200/300.jpg?hmac=dShSJOHRB--zjrqofJOm33xe4Cylybn00N77ewnaS2g
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZvRsbom9ZXUE79Hwt7qCExCm3KWqi3wFNJrrOu1GrdGqMHagzfDwU1etTExNKWMqr1vFpVvdjha03rn0J8%2FwsaSlbhgQp68Tn1cjwye950Tvp5aglsqcju6XhAkykPc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374570f832ccb-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                10192.168.2.749805104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:34 UTC56OUTGET /200/300?random=11 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:35 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:35 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/639/200/300.jpg?hmac=dITw9zyqi0A4tZ6lMk191HJezQPJDDKG4wyJXadYRH0
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SdkevT0RNV6Z%2FIXSwFb1ACh1%2Bi1%2F8ZpsFrfHBy2MKhG%2Bop4PLIic7F0nGzkN9OecvyCERbXMVLpxlt5R6FpEYyq2qRqXnvDkP0pXjEVOJ2nrzvSXWmNarpLo%2BZgksFU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837463ef74e5bd-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                11192.168.2.749821104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:37 UTC56OUTGET /200/300?random=12 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:38 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:38 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/655/200/300.jpg?hmac=SlNnemiSlvt724JhX_6o0cfOmLnp5NnDewnA1_vB2rg
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aCT1Zx5YC2cOl6lM0glaceC14h0%2B21X6fbSj4WmfwpcM343w12I3vNno6bXspxvzVZ02Wy0whsB6sJmNTuU7HVBQNmH8Cjl5DOuTk%2FtQMEhihVmkv3XscBFlQitaSHE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374774a820ba1-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                12192.168.2.749834104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:39 UTC56OUTGET /200/300?random=13 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:40 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:40 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/278/200/300.jpg?hmac=cEuhOs8kJ8HxZkY2ZlsiKJVvxytDZNkZMB6OdB5ZbAI
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EcA5hRZ1txaM6jNX4ggLSHGm9FDe689p%2Fg79WkWZJI7gAy4jBJeWr2pIl00kfzCB%2Fq92xI8LcQ15fvqX6LAe2k0svgeCf6ay%2Fa5M48Bn1g9ENmdIjQ%2Bn%2B8nrEiOM6AA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374836dab4684-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                13192.168.2.749846104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:41 UTC56OUTGET /200/300?random=14 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:42 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:42 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/164/200/300.jpg?hmac=lJgBIETeK-yv_xtPn_UpKfg8s9N38Jw6UzxnDF-m0sc
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dMXB4ZSQIxKGhuy2tHDVjrbeqokSnNWYTcLz8pTrF7a73AvFIlPeS6gWubzDL38jjj3guDgd4mFJM6WRatBnHQNCtCoqew4Pp6nG85w4f36jL8L3lX0zd3hYs3h%2BRPs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83748faf156b61-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                14192.168.2.749858104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:43 UTC56OUTGET /200/300?random=15 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:44 UTC795INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:44 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/140/200/300.jpg?hmac=Ohrn-4_NX-lissqZBb4RVEr4n4hxt7TXfj5FIkBjTd0
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rTJ5HhcJ6zMEiS9MkrgOfv31zcpK6%2B4COCXTuQFNf90CjHLX2kQvGNy5%2F2qH%2BGgDJLuBJSQazb69a%2BqEd%2FLlgWUd%2FtUDmeRw6iCsHa6i7tBR0H%2FE%2BJDxqXdi0OI34o4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83749d6f24ddac-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                15192.168.2.749870104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:46 UTC56OUTGET /200/300?random=16 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:46 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:46 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/260/200/300.jpg?hmac=_VpBxDn0zencTyMnssCV14LkW80zG7vw2rw7WCQ2uVo
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DZkJSzWl8jjM4WwqhlSNcqf7PWr5IFER0bjOvSoTH%2FzOZQyvt6TsYppCq5JntyUUBVsdmtc09CG2hSg0yMZ2g7wIWfTbbbTzfBsolFjnVJTtRtpkn4EtXQGK%2FS0vKqY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374aa6b1dddac-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                16192.168.2.749886104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:48 UTC56OUTGET /200/300?random=17 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:48 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:48 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/108/200/300.jpg?hmac=66ukSMLRNm61ayt092vMAdSgvIRE5opr1Dj3kxCkC2c
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HMbqOKyxJn2N5sXHzCjYrOaeppWJlLm0l8K%2BoHSJsWa1xguuudJmW7zcpXmyT4MYR1m8ZpJOL15tgGT5sPwsEN2%2FqdvssYmh%2BeRH9etNkjOVmyVfuyJM2S8MiRKKpE0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374b90fa06b94-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                17192.168.2.749899104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:50 UTC56OUTGET /200/300?random=18 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:51 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:51 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/691/200/300.jpg?hmac=1nouilaOHm3p-SqXPrCLcCcFEtJ60GlDAwkLAHq4x-c
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wfMcFJXulggDQ4y5wgTs3OX5JvIWAQqZ2GyM4MDQl4D3GAa34VGJXPzjTVclRntL3J9Q9MzIr4VXzh%2FM38x51DYMQCQCrZaVw5v4qSZFauCiJcoM5Z74b6X1Wac7Ozg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374c70fd28d2d-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                18192.168.2.749914104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:52 UTC56OUTGET /200/300?random=19 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:53 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:53 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/171/200/300.jpg?hmac=NHia9vzbBwrKnBFwp7cDZPSxFcVF_VGbnFO5LAjWnuE
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GG%2Fnolbxcbe1XBtoXsEQen1pUxR03%2FiDKdMKeAwJcTR3U4Pc4Rc%2FjnieG91FmtQiWc09ylZZtPjjQO2tmMBdGGpwlrtEOlnua8iucvnRVnhpCWxGzAPBViDlX%2FHwGSI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374d39f462e1f-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                19192.168.2.749926104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:55 UTC56OUTGET /200/300?random=20 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:55 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:55 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/165/200/300.jpg?hmac=4P65Mkd3rtbFIw6TRq5Wc_c9_bOP2SClOjjOFZgbEPg
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8r%2B%2Feq9w5ysY9RHPSUnLEE0f%2FjIo3ogqM7Vpi0f1bBpvJLupSSJsweUT%2F5rQ9o1KGjwzhxDX2jhL6qwSypqLoQ4wPNXMOoRrOGI3vwBz082nsYfmsHabNmb99wWQ7VA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374e35b7d0072-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                20192.168.2.749941104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:57 UTC56OUTGET /200/300?random=21 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:06:57 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:06:57 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/834/200/300.jpg?hmac=9hu4aro5r8PEFwzVlhizygx4urxyeGGjgyMRXUgKOsE
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=URs5%2BDD7eWvve70av0inGKQYn%2BCHDR5jRG4rzy3upNHxmsHoZbJctNsGME1Az%2BK1CTT1nn3QEDcOwecdVAwmfS%2B5Oj0JEjj921aFIK4edob2ABoG6gaPT%2B00MPlJwTU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374efce336b04-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                21192.168.2.749954104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:06:59 UTC56OUTGET /200/300?random=22 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:00 UTC791INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:00 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/237/200/300.jpg?hmac=TmmQSbShHz9CdQm0NkEjx1Dyh_Y984R9LpNrpvH2D_U
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q3%2B4wYDQ5kU3%2FaZl6oQMhOXuNmE95pU%2FFmXz%2Bt54oApSWAQGttpBfUiaLgwE2RXjGMCpTTT2x1sSVK1sbm6E%2B2U7UcVCybix%2BgOjb5JZ9y5ynJkhLqTdXeKGM2dG1Y4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8374fe7c5b460c-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                22192.168.2.749966104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:01 UTC56OUTGET /200/300?random=23 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:02 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:02 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/520/200/300.jpg?hmac=wYOWhYQGp5efB1HNroao-yTysVtEt5osptkdHJIsc0g
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JfSOhSbEGeFoY3jxMPZw4%2BRWX0TVAProzhcX5Ul8I2Is9zzdu20uBFO8fqGLeNmIC1GxLNwQHEmiA4db3BeEEjwjZsT5aNbfuB4zIjgpLiWgawnVI7r7PHM9%2BfMmuxU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83750bbf56287f-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                23192.168.2.749983104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:03 UTC56OUTGET /200/300?random=24 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:04 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:04 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/905/200/300.jpg?hmac=uLUlIwyKcu9AtTY3uOL04O0gbesMVu-yNVRvCsF1xD8
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZjYOKuSKIwCi5yBXjxGmp19QXrwj4%2B6AGRf6HoNzc3ppm2D%2FLVc60bklViQqHjnFFtmg2bRuGJ38vdnFmfaIsYSz%2BVDFDmlbZOLLSn4DfRnmsC4%2Fwk4LKe%2FDMMSMSs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375187b10ea80-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                24192.168.2.749995104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:05 UTC56OUTGET /200/300?random=25 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:06 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:06 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/996/200/300.jpg?hmac=vjpTROwvLRamauR7RHTF21dxsN351pnM44SxoByue5c
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PkpKA0tsXhRFPaKmP9ntSx4gwapF24eyJnEVC9obmaTEwk8BRHS0O3NAUoS2SkPgRP2mCmVouURXSExGGKD5B9XGXzjtJQzZqAF3xh3Rng0q6keuzZmVgbO%2FIt7OLPQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375249e992e17-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                25192.168.2.750008104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:07 UTC56OUTGET /200/300?random=26 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:08 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:08 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/739/200/300.jpg?hmac=xApsFbHx511SUVG612QiltrATotVTYu3Q4wfvGyYC1g
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=19SHUQQlOzj7LCsWqRyGrYtHX8YNbzMz9W7eKR8LSiyHvfYTYpdSe1FXygteH2ZiS8Nz6ArH1TyqEalxvAiiqwWIPGZ6nRrSoN4gPHmgm%2FWxDIF%2BQVj2iM292dO9BFM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837530ac131440-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                26192.168.2.750020104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:09 UTC56OUTGET /200/300?random=27 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:10 UTC795INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:10 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/144/200/300.jpg?hmac=Ht6BBpdvDQfimGaAl_1BbAm3Fj5fHtMwP5C6xpsUL10
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2FWy7G%2FjhODTKCMpLGWtpp%2BnLUUYB%2FVn%2B3XiyT7JLlTzZsljWNYl4iQFwToSNiPzKv9n7XLx5yefs5%2FkVMXVGG3jnS%2F4r%2BOy3y14g8VQSwgyHKChOSbAb4MxbxrTP3c%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83753fdc8535a2-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                27192.168.2.750030104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:12 UTC56OUTGET /200/300?random=28 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:12 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:12 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/837/200/300.jpg?hmac=Gt-0oRZYfIeEmweMdDSOJI6o3pk0tZitt5LO1KsbLC4
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hylo1v5Wb95kFD1H4iNpHU05sAQBiKCiz9RpOPteHC5CkX5Bm3qYohHfUVzbxiUdZa%2BkYRfv1eyWrRHPTizLLL21FsVIq4YazjK3kMBrUyzfypHiVf4hreSdY0SuKeI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83754cba5de83f-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                28192.168.2.750032104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:15 UTC56OUTGET /200/300?random=29 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:15 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:15 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/988/200/300.jpg?hmac=t-oW7bwXaruDMMMz6vIk1GO5lfOolflGxHfJfheVvc8
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXU5UVLm9L07NxhY%2Fv8%2Bnm2ylFcACr8EziaZYczgqjwTYuI5rcpobIKrlRVUDpo%2FCo0HWFRJOSRMNMGdJ9ex7%2BrEjjv1cQK1Q9C%2FxSXiFqNZzo5uFg4evQIhgjf3uWc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83755fa817eafe-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                29192.168.2.750034104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:17 UTC56OUTGET /200/300?random=30 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:17 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:17 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/242/200/300.jpg?hmac=_v7qaiV_fwDB3NP9lpirq7rMvS10u8lHjqMYNmmXya4
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K02lSZZxUfMbejep2MKu%2Fl9yt5ZaZsAKHhnvqCM0QIXO4sPn%2BhD34GAh2o5IygDHvp02gPkRP0JXykC0Xeg4l9EgfkO6FHZ%2FzZ0t5ULqYcbqxEzWefWqCAGGi7wkIH8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83756c3d04a915-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                30192.168.2.750036104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:18 UTC56OUTGET /200/300?random=31 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:19 UTC793INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:19 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/557/200/300.jpg?hmac=eC86bsSOhqQjoHHnj3yzH5wMTIY9S3ys6cQjU1_QLGc
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VrDMpQ2wW57KjcXJJoExlzx%2FtaAWt%2F49UulsIhMOKNhDFPL549DnM%2Bg9V6XBMg%2BKO%2BWcJdFX27ZT28Hqk0Yf%2B71ynvZmdMi4Z8wbTW4yROyVOo5VgBuI4QQ%2FfmCY1kM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375774b6beaac-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                31192.168.2.750038104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:20 UTC56OUTGET /200/300?random=32 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:21 UTC791INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:21 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/404/200/300.jpg?hmac=1i6ra6DJN9kJ9AQVfSf3VD1w08FkegBgXuz9lNDk1OM
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=odrwoMWrzkJzgUuP10NCJYtlOad3ZHG3OHsaQ41RWqcA%2BXb8LoGL6RBzgTw9vMfJfjN%2BuVcn96yp%2BoQ%2FtC0W%2F%2BRFFPXFwUOVjU2MASjgpcXHASDFtMqg3JVjlyhE68M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375838a204760-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                32192.168.2.750040104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:22 UTC56OUTGET /200/300?random=33 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:23 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:23 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/473/200/300.jpg?hmac=WYG6etF60iOJeGoFVY1hVDMakbBRS32ZDGNkVZhF6-8
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DlRz5L9Ou4AiX6rqStTb3kAdnok4O8hJpRorjUakN%2F2DsssXLP58AdtRxkXPE0A%2FSWKg2s3yOquZX2nIuMW92SMbshuMp8mnaCyK4uEQCtZK9DS9ptisP1DAnBzXrSM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83758f9ce7839e-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                33192.168.2.750042104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:24 UTC56OUTGET /200/300?random=34 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:25 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:25 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/306/200/300.jpg?hmac=T-FQeWIc7YbLbcYdpyDGypNif0btJ8n5P4ozBJx8WgE
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=39%2FJdbhf%2BkyijKKg4ZxRAgDjxI6YfYmD6sCf%2FO1VY8jGTVwIFvQQAN4ANvY%2FYOBMVPx7qSm9X6dqLAmwKrcYZn67RE0KyIDHZmbeZQPVhzX0q6CnrFZy7j90MyrE2w0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83759c4d14ddae-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                34192.168.2.750044104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:26 UTC56OUTGET /200/300?random=35 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:27 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:27 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/217/200/300.jpg?hmac=3GPQ-pPnL4D8miCKA0qNqIg4zr5Ponvl9OVH83CeGuc
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BfRnCQxrumxGNY7qOmrjYhqZXc%2B3XOxXdqeahJoroRXnpbHwqpJoM96PX52aMpDcN5t2ROiyxjkgZFbPGNr5ALNDXrcbh3Z3KZgyIqANGaXbUHGNhN1ZlBbgn6Wyrwc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375a85e47284b-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                35192.168.2.750046104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:29 UTC56OUTGET /200/300?random=36 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:30 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:30 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/474/200/300.jpg?hmac=ujW-ONkfEKNYQaIt8c6e2WaF1LWjpave8A5pHryyQs0
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SwCqLutExvIq1Iij08g3doJ02rW%2FeujjYDfT2CHiZfLAIcgu2E8madK74qTb9fpb9yg7Vr4WqElE3%2FB3RRDvw0j4h4NJ7puOsodvGABU6g1W77ossvLD9ceV4VhWVAs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375bbcc796c80-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                36192.168.2.750048104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:31 UTC56OUTGET /200/300?random=37 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:32 UTC795INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:32 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/780/200/300.jpg?hmac=Zmxf0t2fpCbfZrR5NAXA_IKAP_8P6fYe9P440jUTWag
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EYUgBMAHh1Sjgj4%2FV4bjggXECwzbaQPrLLl%2BVbrO%2FzrUGuLkp1bTN0AVS15TsyZ%2FvSF%2F1zanVbWCMMhD6e46g4nM%2BwBcldTJbeEcUwGPV8P6bZe0Ob%2FIHN3fM%2BpyZKc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375c7dbf90c13-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                37192.168.2.750050104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:33 UTC56OUTGET /200/300?random=38 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:34 UTC790INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:34 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/37/200/300.jpg?hmac=H-M0-zyAOZnQIHrggRUcDCS_roK8MHKI1OtEgZA72yk
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IkStu6B%2FBCnizYZgC22PJMNlip5vn%2FOAR6RufIPYJmsh4tjkE7aXi1%2F2JQPfDUc0MSJ00SM6l4U%2F47PbjkGNN%2B7I%2Btw4onM21IiMYe2ZdxMDoZlZNOsmO8eCI9hV0gY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375d3fc00e7a6-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                38192.168.2.750052104.26.5.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:35 UTC56OUTGET /200/300?random=40 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:36 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:36 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/409/200/300.jpg?hmac=DMEn4qNc0DsvxlQ4NSDPOesRyq8VhhGEi6IXy2DblLk
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9IFZBuzgNXo03S2Rt4dn7Z1welDEe68BsOF5I8GpGJ%2FRLEO3pu5yS%2FqnZp8Ko%2FtUviwgQqini12332fb8B329FfxulX1ic86Tn3jt%2FFOlXdJmCmwBBBwSkzDjlf%2Fjgg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375df5b262ccf-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                39192.168.2.750054104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:37 UTC56OUTGET /200/300?random=41 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:38 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:37 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/893/200/300.jpg?hmac=7jsxm2l6ji-5CBnfrJO7IqDUekLtP4PvA7taLcRW2NI
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uNC4VuVJ9IlHvqBLuA2FyTWuf3FiO5eyOeJ72cF8JlhYNjeazwZ3WJtvblMqMorrcQDJfbu%2Fmf9TObC4c2bfVrPBLVtKllsK6ZerKUTkknTvDFz8igvm4BYlSFJ6vKI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375eb7b776bc5-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                40192.168.2.750056104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:39 UTC56OUTGET /200/300?random=42 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:40 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:40 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/390/200/300.jpg?hmac=m2OBPNcWKpibmpjeOD_5Bnl5rx-6WjYtzfGnleMgyhU
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pMjf5Kyv%2FBsFAErGY7mB%2FsHr9oIl89NtgnloNqYW1mnofp00%2B1qGr%2B8uoBN4E8c7pEpPMgDzzJEEpkRfvzZY%2BsbY0XBAfm2BUEkTZbIicQsHB50funqsiuee99OYXso%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8375f8ad2dddab-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                41192.168.2.750058104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:41 UTC56OUTGET /200/300?random=43 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:42 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:41 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/406/200/300.jpg?hmac=hL72xK7v5nIaSK6F5XcGWjvxXslx72ZNRshXUAci5Bc
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y945nOKvPGmdtl7dx5jYD7sAMdLb6Ri2clKixXQ4TPlI9oxv2Zr04ahnPLz3ZBs%2B8vh2SuyngiJmNvZu5kFZH5aGQIQ8Og%2BHFEiPFw5MvhDMdZCSm3v2puwUaVNR3yA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837604b8f1e5b1-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                42192.168.2.750060104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:43 UTC56OUTGET /200/300?random=44 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:43 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:43 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/551/200/300.jpg?hmac=pXJCWIikY_BiqwhtawBb8x1jxclDny0522ZprZVTJiU
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zuuwewbp%2B190pnGJ8vDTAw6cZ%2F4Ta3FZjXwXGnUAZQdezVgVRkcSmErlAXJeAMiSpJjqgtFvb5n9HrJK%2F84sRoJZq%2FAd0LbOFmh%2BQfEyOwGZmj4u3vzYgqZD93mAR7A%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837610d87a2e18-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                43192.168.2.750062104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:45 UTC56OUTGET /200/300?random=45 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:45 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:45 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/851/200/300.jpg?hmac=AD_d7PsSrqI2zi-ubHY_-urUxCN77Gnev3k5o0P6nlE
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5MiL9xYHLe5cJcZV2I6ZmFDR5NelqlCJBwojghdVTZN4N2V9XnlgeLW96hfniLNhZP6MBP1sJPucWlBd6qL9WQppWfujPxQTNBefPncgOBe12B5%2BHTfDpfdDqAIR6Lg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83761cedcf6bbc-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                44192.168.2.750064104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:47 UTC56OUTGET /200/300?random=46 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:47 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:47 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/880/200/300.jpg?hmac=dShSJOHRB--zjrqofJOm33xe4Cylybn00N77ewnaS2g
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vy02%2FlnoEaqPRbY1Tq2GrzcGs3Ga1%2FxHvJms6Sqow%2BtqhUV9YefhEf8W8mz97jFOMSB1sW59OQC62Vl8vV6Nem696rs0u5XLQHpbe8YJj73wBkN5UvL73Gk41w4jVGc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837627ff5f6b22-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                45192.168.2.750066104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:48 UTC56OUTGET /200/300?random=47 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:48 UTC780INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:48 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/37/200/300.jpg?hmac=H-M0-zyAOZnQIHrggRUcDCS_roK8MHKI1OtEgZA72yk
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IiHIOQfGpsgAj3j3pvejvWUwfkf3mvN5tYHA8Xqt6BBDQVYVBqXfPpwmuncULQe7h9eoFoGaJn9dZTNYkUgO%2F2D0m9qDQddGRmCetPdCAb6Mj0OKasP66F8d8lq2tds%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83762faf270b7a-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                46192.168.2.750068104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:50 UTC56OUTGET /200/300?random=48 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:50 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:50 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/851/200/300.jpg?hmac=AD_d7PsSrqI2zi-ubHY_-urUxCN77Gnev3k5o0P6nlE
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0JL1RzgRGHgCYHi2l%2FrwLlLWD%2BaRt3sgaY9gSMTcvWIeB%2FAtxmMdvDwj8qSaUQVpg%2FxkA91XMWRH58NmmWdBFLXSYiLk8CsGF1IfuTY9yiWzEi1A8KitVb0gA%2F5Yi4o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83763c18403468-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                47192.168.2.750070104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:52 UTC56OUTGET /200/300?random=49 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:52 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:52 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/402/200/300.jpg?hmac=JmZsqnQgJgxs4tbKwb8Tdu3r-B0tEGN7nrKEb1jBB0Y
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fHMR2k9jnDhaXHr7AQFOBO3S5c0qWAo5LComDMW07Qbksd%2BauXz9pcAKBlF4O8DBh3mWo%2BMeKEZQusZYu5h1D6uuj1LDBg616OyC%2Fx8hk1rlLAsyQz38E6asrFYd7dg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837648aab36b47-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                48192.168.2.750072104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:54 UTC56OUTGET /200/300?random=50 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:55 UTC788INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:54 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/1000/200/300.jpg?hmac=fTFlkBSHCXIXMoNE-1_EshZ91TrzHgY8YhIzYDRwH2c
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHfM4iuE48TVa5tzWVrE%2BFYFcWE0ttHnf2pUFAIQ48OQf1qmCwh3Ad2VfPZlsrLzgQrOFI8%2FYRbVGtxce3rQEFd%2FJsoR6tA%2Fn7ayr6hI07OQ58a0OSG9Run8zKWNnI0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837655dcb02ca2-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                49192.168.2.750074104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:57 UTC56OUTGET /200/300?random=51 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:07:57 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:57 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/793/200/300.jpg?hmac=MOZTy7CEiCptTmTIOiss-6dGsFhhfJPMTKyTgyR12hw
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q6XIhJguzbN7fDM1EXSm3duehbVehj0QtTuzyLcPYksngfb%2Fc4hpj6LDN69ZZjILfelDFISeXrybnfkMychKfZKGdbokBnlD9uI50LITKMWrc%2B7eAG2XjL%2FDOGElVXE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837667df9d2c8f-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                50192.168.2.750076104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:07:59 UTC56OUTGET /200/300?random=52 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:00 UTC791INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:07:59 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/215/200/300.jpg?hmac=Nt1epjkKo-29FLbrKGINDjceT_uNiqOG_pah7r52Wss
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q8cg%2BovUHjTPrP%2B9iEulXnZxzvceMTaMm5AXaREbL8H3CAwahdOn2cZuYxvLyRBTHTjo2b1uxgjUOE7WIPgmLhr1ydGV3qKH32QQW2SJ%2BhfP%2FRffDggl%2BcWJ1CJ%2FsSM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376750c45e5ad-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                51192.168.2.750078104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:01 UTC56OUTGET /200/300?random=53 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:01 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:01 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/698/200/300.jpg?hmac=2Z_fr-yUH1ByQu36MAR319aTCndT4FjG1VBksAKGVKU
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eY1zqw4JaIfhzfcMuCR4%2FpKKjv3xHtPRuLduHGGk9n2dyysnsuHEIl%2BDqGWLqUeEV8JLCX5BZz2HjUCXwpHFWq5eqwj0N9GmfQoWS0MK4eZINHsYarfLrhpA9pynd5s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837681691b6b32-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                52192.168.2.750080104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:03 UTC56OUTGET /200/300?random=54 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:04 UTC797INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:04 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/878/200/300.jpg?hmac=nSy0W5kdisSxfmRdWV95EFyG0HgfqQzD9D2IkWG76ho
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FgqKrbw9W6R8b20%2Bqq3EM63u82VD%2BY%2FF%2Fs1GZD2jPkRMmA05UidAh9xxh%2BvR%2Fc6Qnfdt0%2F1TNcdc%2FtcX9JSWqwgBdNgRwmzgKe1JJCRW0qC2s%2BXsCUv15cotRayFf6M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83768e8f72ead1-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                53192.168.2.750082104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:05 UTC56OUTGET /200/300?random=55 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:06 UTC795INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:06 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/374/200/300.jpg?hmac=O7_6jZztETgk8S2eFcdlCNlqe50qS5u-OW5hs-EoNMo
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FPZazwtlxDYvzBjkwAXuIbTvvN3Z4WaW3ARCaJSLaOGPebGDIeahSNl5dx%2FPJwK9F%2BdisXQKAwAAMvliY2g1cgXkIoEAORS3a6nKoii%2Bms7KZ9A%2B%2BXQ3jL2PRf%2BIH%2F8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83769bad186c50-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                54192.168.2.750084104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:07 UTC56OUTGET /200/300?random=56 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:08 UTC779INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:08 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/136/200/300.jpg?hmac=vOFG2QkF3OUbTp5DRbf7w58YCDVrvf_g5aPFxxTucpU
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EgiDYpBC1D6iSD3w6y9oqSa2uO0kx2GtVTgAbgqgOSdzfgx9Mb2z3GwbS4nERk8AsVmJ8ijwe0t6nuUrkRGOKmbTc7w0DxeBW1DrZA5gW16EsnMLiyWvi449cLkWkKk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376a7ee1eddae-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                55192.168.2.750086104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:09 UTC56OUTGET /200/300?random=57 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:10 UTC786INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:10 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/1029/200/300.jpg?hmac=VpePgDBTGFZYhRTeOD9o6nCvZB_01SrIHCMMkoZal_A
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cVhZZaZiTOeHzZ9S5VmwUS4ezBK3VOepNwTunxkleiyWwJfGBoOS1UIXnOCKpvUjOO3hOvfnbydMcMVKH9txg%2BhmBMBC0e4xevgKLdiJ9TmJ7cGnh88XC3%2BpAwF%2FPz0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376b40c8f6b1f-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                56192.168.2.750088104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:11 UTC56OUTGET /200/300?random=58 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:11 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:11 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/465/200/300.jpg?hmac=GloUvp2VmlLW7pBsz3VDy5QNZizjay1SWjEmqisahZs
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5V2n7oWTN6ZsoOxxxCDBKYPz4doQyuKWfFRg%2BNJ9yEgcSduWr2C6Um2XDEE0CYU8d%2BAvbxz%2BrN2sFTDcchyPb3SbMHgNl6n2L2sN7NSdtEP1siBqdWk0bZen69xmsg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376c00c956b85-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                57192.168.2.750090104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:13 UTC56OUTGET /200/300?random=59 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:13 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:13 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/816/200/300.jpg?hmac=4O5XSGjimzcjZYOXpVb_--v3rGzmS-3chmG2L1MS-mc
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYmZ311QosziWwas6ceAYmannGEMKBHvunMm%2BB3AdKAc0K2TpLtxHzSMCyiUySAYQBz9T6QiOdETdk6IfbFId1d0tnDiGsWbxKslV1%2FzldeGfUFZ2x%2BLS0Bm5peHN1E%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376cabc6be52c-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                58192.168.2.750092104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:15 UTC56OUTGET /200/300?random=60 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:16 UTC795INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:16 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/180/200/300.jpg?hmac=EC8Kweq0GgryGedfHPQFsFTXsZ8NgHaYU5ZnhoGkPLA
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mZ1gLDF8aKvZQv7b5VQgbl%2FCmTqa46vz%2Buo4u41h%2BKkobjVjmF80%2Fhsds9Z%2BosAA87OzXKiOAdpCg%2BQdMZFcxm%2F6Ma052OEeX%2FIazlTzpjzBPrsKOQsA0zXkOPx6SM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376d6ff966c0a-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                59192.168.2.750094104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:17 UTC56OUTGET /200/300?random=61 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:18 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:18 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/574/200/300.jpg?hmac=8A2sOGZU1xgRXI46snJ80xNY3Yx-KcLVsBG-wRchwFg
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PyUQ6Ps5TTv76H7S35bQlDCz%2F3ZIlq8UozIrlMkGgmBgWLJoL9l6mn1cHFwAnHvZNIdfFCgRC6SROHiglk9bVuuuKPVdFmuVqhtfxNS40SDvFgoYMXkD9hw5RhNRx5k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376e6498ce9b9-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                60192.168.2.750096104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:18 UTC56OUTGET /200/300?random=62 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:19 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:19 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/119/200/300.jpg?hmac=1NqHBHR5JDtc_FgBO6wYZJYAWBRIPfgNbRoiqVQ5m-k
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B0AIfTnQ5gW2nGKXhU%2BzkgKeJW1stOrGpWqhCvOkFZR3eZ9ek%2B10BJ%2BSpxDcgdupahe%2BiM66WJCxxArvs09HGb9Wl6FVpMi6GlM5bWFE6VMoDik1r%2B2rnVqp8V10anw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376ef5edd6b6d-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                61192.168.2.750098104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:21 UTC56OUTGET /200/300?random=63 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:21 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:21 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/196/200/300.jpg?hmac=lnuMbzY_IHjTjCeY77BE28VPk68gKVhse1nRP04R_Js
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dhx15%2FNSvL3bRNSqPL%2F4sFfXIbXCVsZZrlWD3xjOvw7ZfO2AeALj46RGDdUzHBy0G4wMWuH7Bi8wyYV0YPtFBriCPqr0fXkxBA7Yu%2Fyir98qONHLBeXjEa9pjVDiUww%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8376fbdc7b8c58-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                62192.168.2.750100104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:22 UTC56OUTGET /200/300?random=64 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:23 UTC788INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:23 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/31/200/300.jpg?hmac=zQA1_1D1pCB2sbB4Hx3gK8ih9-IPgNID_e_8pK0QsiA
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ou%2F4LxGjBmajDZBe1YylveHJzn%2FpqIdZnpgNb37HKXE2bdbPBPYQIHnnUR9pACnHar9fI1f5UIgl%2FlfVIIAaPKsR9n%2B6e6dyQ2ZPmMN%2BgVL2rJ4e9n8BkgrsQUieDhI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377082fbe6bcc-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                63192.168.2.750102104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:25 UTC56OUTGET /200/300?random=65 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:25 UTC791INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:25 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/965/200/300.jpg?hmac=16gh0rrQrvUF3RJa52nRdq8hylkBd-pL4Ff9kqsNRDQ
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TSMVxLeEWsskJlN0n00oV1I4zCyicKscQI%2BktOYZnDk1gCg3N0B%2BaScjybXvK%2FuPNlCg6UKXl%2FieG4JLoRqHNMnNIxtynZ7yo3vwdp%2BNIRZiuUXRfJD%2Fk40UxGUd4CQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837715de312cbc-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                64192.168.2.750104104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:27 UTC56OUTGET /200/300?random=66 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:27 UTC788INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:27 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/76/200/300.jpg?hmac=SWpe2KMM2qFiQ8C8WHIZilaJb7KVkgOVVJPTbasGyUU
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JdWGxjQJFh3riGvLyqKSqjp282XPngf5Q4ExW5XMiMnQ%2F0Hi%2FWyo98fdgo%2Ber0JuJa1g%2BVSFUJdcV4lfoKHRqC5VJoOpwGgBLH2pptFokd8RMHsqvIXC%2BJdcxkNCy5U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377220e18e803-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                65192.168.2.750106104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:29 UTC56OUTGET /200/300?random=67 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:29 UTC779INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:29 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/343/200/300.jpg?hmac=_7ttvLezG-XONDvp0ILwQCv50ivQa_oewm7m6xV2uZA
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7D4Va2rv1zcUOZMzdZANLXNKaw1SbFjgJRk6dTYuznoYy848HcLZb1nz2WarxscLpBlKorMvxSI8654tlTL8R63JGSUp19oPovD8J2u463U4zAEl69LVnVY6ZC7ctFc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83772f7cc26c53-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                66192.168.2.750108104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:33 UTC56OUTGET /200/300?random=68 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:33 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:33 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/591/200/300.jpg?hmac=GBnqheK8f8NgGoZ-JQIGl0uYMejcmT4gvw4PsBmUWPY
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dQ46fYa%2BBLTZegWnYzNuRO%2FuHqEgfTxn2G%2FeiVoSLT45lnMRM65qZg77HGTFzYPAaF9G7sPJnnGVq%2BqJOTCU9phWuYO9uqBpSjXYE9xqOu9gstcGLax9EKAMhjaxqok%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377478efc6c4c-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                67192.168.2.750110104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:34 UTC56OUTGET /200/300?random=69 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:35 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:35 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/465/200/300.jpg?hmac=GloUvp2VmlLW7pBsz3VDy5QNZizjay1SWjEmqisahZs
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GDugGOaZNAa7xIczjnmrshSOCgx%2BYPDBIEya9h4bfILY%2FquVBoX4a7BwOFr8H2DeyLTAGV0VFKKv%2BlFNAB4nL8Ic8lpy6h6IiKECrH9dGNkNVP6nHHNFoq2s6fR%2FiZY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377516ce64768-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                68192.168.2.750112104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:36 UTC56OUTGET /200/300?random=70 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:37 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:37 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/911/200/300.jpg?hmac=WJrS4QZru3pp2Z3K9wqapHxHCNFU-XPF2tY7gviRMoQ
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PIkkZthpgJNfcbUza8izBKVPULg%2B%2BYHtw%2FdAkp5gRftM0wtHdOlnRMEChhRQ6vnbB7yoFvJqRfJRqzIRfVXPliRPyLR9BZUCqMjQE3KLK%2Fhi2lhQDIQFJ9NP496LW9s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83775d7ff23476-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                69192.168.2.750114104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:38 UTC56OUTGET /200/300?random=71 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:39 UTC790INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:39 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/28/200/300.jpg?hmac=PtGtIbRuuZW5gEPGm0h1Y-koEaki3vffOYcq3TdSAlA
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hlq9ODr4UJwQDmq%2Fb%2FJWPCHoW2Kv855k86fswk186g5AmgLEVcYs0vzp704daxx1MgfHFzSOXf5EHajY96tNlB%2BQiUf%2B94y1TQETd3H5yLWDnstTqMb%2FuTv1%2Bi3ww0E%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377698aa5cb76-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                70192.168.2.750116104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:40 UTC56OUTGET /200/300?random=72 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:41 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:41 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/4/200/300.jpg?hmac=y6_DgDO4ccUuOHUJcEWirdjxlpPwMcEZo7fz1MpuaWg
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h51B%2BsNbK5Gr1YSPJpOlXhu7yQcgQVvbLW4MuZUh7vhsz%2F7n5xEMe1nS54nTRljFAuQ9mw7WY66v9CMbO69bEaAo4lVvJtmPA9JeVTUQj3wsBLCZfhq2ijfGl0pgl8c%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377768d08e9ce-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                71192.168.2.750118104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:42 UTC56OUTGET /200/300?random=73 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:43 UTC795INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:43 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/815/200/300.jpg?hmac=Vd0SL31jtPA-FMvY___e5hp84IGLTUjtVJY4qUL6hOs
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kCqV86uOK%2FJrqvbQN%2Fpd78QtBiJWtbVr6bGe80ha9fnn%2BonUxd2IxzOraqqqZrM%2FzYd%2Fw%2F3eVGX%2FizbUO5KWHE%2FJoeGnICohNw7EMI4J3VOFp9TPtIvN7xcu013A2dQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837782bad56b91-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                72192.168.2.750120104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:44 UTC56OUTGET /200/300?random=74 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:44 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:44 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/810/200/300.jpg?hmac=HgwlXd-OaLOAqhGyCiZDUb_75EgUI4u0GtS7nfgxd8s
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8S8BbJ%2FuK5ijNUzXM1D4RU0aX7q8aMaoya5GQ7%2BCkClZhef7SG9rjn3j7givn4r%2BMeT4IeH1FXCjdTIeqmZJikkvj23L1EayPo%2BDxe0Vs76MWjp%2FAmbSpjmm6xBXdVM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83778eeeef2cbd-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                73192.168.2.750122104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:46 UTC56OUTGET /200/300?random=75 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:46 UTC784INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:46 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/83/200/300.jpg?hmac=avqtE9ZSAkPbFtYCXzxg4TeAA-fMWqX6jUQeWI_HjLc
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFmx2SCEjTc%2FfQmt0%2Fk6HhfvFyL3GG85k2mFveoTLN3n1fwtGoYK8UrbM7Lza8yGQSBpJfY7CNMRPNdhOhIl0RT1XO110kq9K3SMJ0b8cd%2FXaIiKtMxkaAgR2LwLATw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83779a191b6bf5-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                74192.168.2.750124104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:48 UTC56OUTGET /200/300?random=76 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:48 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:48 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/991/200/300.jpg?hmac=BdTxfK2wHhsGppraQzb5puxPKb5mPVzDaZPz8IiC44Q
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xZ6uXSXZKa0UsAQrFLJ4Td7SdQw%2F%2Bu9uFcELRUNLbcRChhnwWMYRBXpQp%2BuWOghVsa7jsxyeUihDQgf0ueUXyZs2ZF1REGT%2FgLuKAhe7YydRIF%2FVRyAOp33AsfXE88U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377a68b29e91e-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                75192.168.2.750126104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:50 UTC56OUTGET /200/300?random=77 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:50 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:50 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/272/200/300.jpg?hmac=QjLWH4UZZJnyhE7WasPSxZtf4bnA8f4bsbtK2R4m3Ws
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nr82eXQ2yfwfDpkZOTXsViolqmFFnHiREdXBemfzXVxtiutZXHI8hmJ%2BHjDeCREVlVFPkmKavVa9osBG2Ax7xjFuQ9G5ib1kvqDmLtgJvZDPVAj%2FGTFT3MQEJ%2F2gqFU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377b2fae90c23-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                76192.168.2.750128104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:52 UTC56OUTGET /200/300?random=78 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:52 UTC782INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:52 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/1028/200/300.jpg?hmac=Ka86H0yLDb-Ft8SNNKSVTSFylu-GfaEGBrS2AP01ZSM
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0uhz2ZfeAGmzIm0wEHz2xc4tUlGBHKrKM5mve3HdWh7JtVh%2B3avzRl2MkZuvcULRWeQ80X9UBOTSEdEdytx04OczRp3pg7taumydRFdxerMdz7zBWjUsURrex5mJOdQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377bf0a3c0bcf-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                77192.168.2.750130104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:54 UTC56OUTGET /200/300?random=79 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:54 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:54 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/180/200/300.jpg?hmac=EC8Kweq0GgryGedfHPQFsFTXsZ8NgHaYU5ZnhoGkPLA
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5GKaAFoDD1KN5HW3Dop9k2t4NDqI0%2BYTuplM3m9iD5u387syb6IAt4jpiHk4UuKhb7fm2gE6CMoprmQs1I%2BYab0Xl32Ft1EMZQUNZOGdjdBuWEr7fvmpS6GTRDMxAUQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377cb5f6fea22-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                78192.168.2.750132104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:56 UTC56OUTGET /200/300?random=80 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:56 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:56 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/822/200/300.jpg?hmac=L4-fkLPiZOUXQokdDk0s2gcjb6w_zq1DGU7WybDqrj0
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5bJK%2BLVnE7q0dkRBw%2BmX6bWygBBuahZ0r6cmEakZzeZ8EleVZhyDFQWD2PvXg%2BkyMLMRz3QIOmCtl62bdkPK8WBZourwRS3vumxwEI4W2wRQXpneG24F6x8JYfUSV9o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377d7ae5f6b4f-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                79192.168.2.750134104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:08:58 UTC56OUTGET /200/300?random=81 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:08:58 UTC788INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:08:58 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/29/200/300.jpg?hmac=LrtD-VNd4eRyyMbqI05Mpy4EQNgTdZkSEt5ULyXx4lw
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ELK5EkHTiMBZ8scrIets2o8jrMh7nBLr%2Fvw1IRFExupHdezst6FrKGDp7FbBng%2FFoRF%2FYgBNOGrY2sxFBQHrPGF%2BjgHUvVpt6rg4dXr1yENcWzFizUQ9xPyw7h%2BSL4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377e4ea356c20-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                80192.168.2.750136104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:00 UTC56OUTGET /200/300?random=82 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:00 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:00 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/395/200/300.jpg?hmac=qBCH-WGDS8eV52Y-LKSyEUXBavhsZrpi_XhOFFPMXaU
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bHGP20%2FFUA3oujsAEe6RwSHWUwgSPBJwB%2FOT6wE5x9akMyPdG9JGaoby6VeZiXO%2Bc%2BSeu9A7MCItAZdUtlsXXjkxAIIUlOOMqZyL3WAWbC%2FZoUEJ55wFQ7P9nspotwQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377f1e85c460b-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                81192.168.2.750138104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:02 UTC56OUTGET /200/300?random=83 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:02 UTC793INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:02 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/723/200/300.jpg?hmac=EtJwe3DxhZ1GDiNghxWaO92pvcPcjg02wJzc7Qj7Lr0
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BsEbx%2BVmFxBIDFyvAypgpo1gPyOr%2BWdjATY2jQwFIlJDEqHCpVpEgR%2BfcMInxx2RvYC56e1N6c3r2AC%2BPO1T1wCPdXTO2tkxCfFO%2FFwF%2F9Dq2r1fxdPig7I492BX8g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8377fe2e51e530-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                82192.168.2.750140104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:04 UTC56OUTGET /200/300?random=84 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:04 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:04 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/666/200/300.jpg?hmac=FfmCCw-UuMgMhTLigoNVx2auMxtw-EtixqVwwxaefq0
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b6u1PPgfhYknpCvmX4KcJ2%2Bro7t%2BHXWeVIqjybNRa4CbPq9sQWInHkxp3xXceA5I5UUwr90lM9P59%2FqdSXOg%2F2kNXX2QbaNlaafqmC6REY0AeCIQfUojiIVn%2BaV4WUY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83780a9b7e8d26-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                83192.168.2.750143104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:06 UTC56OUTGET /200/300?random=86 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:07 UTC793INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:06 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/757/200/300.jpg?hmac=su32mJgKVc94YgSiaPE3SzaIM11AtqJgoGffpSTQUOE
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NpjRz3EIG5U11f3myRd1i1TXX%2BFConaXwUAWa6%2FhvbyUSB3kiZRMj%2B%2BsnobkpX25ksjbosZHjSWWdc0GngvccA3oDk%2FUDYISn2L9pVXH%2FMq5WVAE04fbfh1r5yC%2BFHc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837817cfa8a927-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                84192.168.2.750145104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:08 UTC56OUTGET /200/300?random=87 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:09 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:09 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/279/200/300.jpg?hmac=fYDbVmnm7vDGt7SA51v-qMUKHIn7HKCp5v9d8Wx_SVM
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3g213m%2ByDAHy5F4niwN1y3q25YDa3LvsVYc9ffq2f32HwX8HNzQflgEGC5drVrUZ%2F3EK83vQ4mlJHhQM2c6rA2y1qCw4pMDCqqP7%2BMoz6EXxjEePggE8rlMh7F%2Byyig%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378277f866b38-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                85192.168.2.750147104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:10 UTC56OUTGET /200/300?random=88 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:11 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:11 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/480/200/300.jpg?hmac=-NCJbhpqFCFd17uR0DXt17Ccp5H073pZLLaStM6erZg
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gc8HrozHH%2BhWfaI%2F47L9OrWxrSr0%2BygT6CWrFcP7TshoUbfBM%2FsGcDwNJqy9KwKei7BkdQNqm9HRnhxrK3Fn4h3TC592FUqDZ1xyMhWHP5S%2FOZL5S9L2TEaT2MAl6wE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837833aa2ce772-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                86192.168.2.750149104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:12 UTC56OUTGET /200/300?random=89 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                87192.168.2.750150104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:14 UTC56OUTGET /200/300?random=90 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:14 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:14 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/487/200/300.jpg?hmac=jDYxTxKFMi18Gu5h9qt9ttwJKCk1-J6bZeHDtXGL2Vk
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IuKVnUmlMZM2hlBvdnYToELU9v7MgGAGea9t4a4Si8x1Wc8dCkeJ75R2GPbtXY%2B0OZn%2FfcWvBYLv2%2FtewmKH5QrhLSTByLA0%2BI8oNeEvyk0vz7GCjw%2B9OS3TKvZpn7U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378471ba12873-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                88192.168.2.750152104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:16 UTC56OUTGET /200/300?random=91 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:16 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:16 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/509/200/300.jpg?hmac=Y2Mtq5PEipyaFNlDH01CoNhW9to1T8GCuTf6yUSH-TY
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xDBgxzO%2BE6PaADQf5lOl239Jos0APWaWNLD8cxM3W1gqU9CdtcJ5oZHxSfm3qyKwGTJaK50fQKPZr0CUNBmAxspfNBWi%2FZwSij30rCiY0Sx8A7zvuwyF2tX%2Fh6OjFQg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378538ac3e52c-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                89192.168.2.750154104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:17 UTC56OUTGET /200/300?random=92 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:17 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:17 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/284/200/300.jpg?hmac=fvS2Lhb3_MeGZNH-d1zR5710oX4Z8XcKYbFeM3p-B6k
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xQfmttN0gFRyAxxZSQB2u249cEqiQNDaAibBeIi15kV5kJUHtQ2ZHF1OXl59WPHjB8tLFGdVkOKAR1K3U0LSmoMwB30ljq5Xa0HijN7%2FlKQGH0UKYyOHjQeoicyqrjo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83785c0d9d47fd-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                90192.168.2.750156104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:19 UTC56OUTGET /200/300?random=93 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:20 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:20 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/337/200/300.jpg?hmac=0CnfGB9OuB4D8IneXqgjPMaGgLSHBKRjSkl_ITBmDxQ
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z4vz4PnrEi7FRwzk5TYqbNg7XjDFq7XH5OA7AH5HrcMi84LCa3TXXO7UVNus9v065r57pJtAtTrvNybwaGty3x%2BdyTVGkTu9S%2F%2FeIDAXIuvGcoiyk5gtYZruU5FRIBk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d837869af603ac2-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                91192.168.2.750158104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:21 UTC56OUTGET /200/300?random=94 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:22 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:22 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/242/200/300.jpg?hmac=_v7qaiV_fwDB3NP9lpirq7rMvS10u8lHjqMYNmmXya4
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ZQwIqaoifueJz%2Bd0IuG%2FV276RWP1SejecNNAR5zWFqpc0eV7offnGlf%2FCiYM9781IPurxE6GKhBHrTp6N7KI7c4l8VZAMfWpYAFn3XZ84fLv7k1J%2BBXo8t9eurciI4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378762874e7eb-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                92192.168.2.750161104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:24 UTC56OUTGET /200/300?random=96 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                93192.168.2.750162104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:24 UTC56OUTGET /200/300?random=97 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:25 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:25 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/130/200/300.jpg?hmac=ax-dkx2e5CJww9f5IfH-mUHr_9eNBKUNGHcA46-0oB0
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0x8HrVZg1OFhWeTsz0GBhvI9y6H3uvl5%2BPftMm20yCT%2Blp5qIfD4ZJCv6BWYmTbzKENMfeQI7MtkpTxnU%2B6zy7T0JzFHqr24Kk3fMgOltwilc9fpLLwE%2FdjswCAy5RQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83788aaaeae589-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                94192.168.2.750164104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:26 UTC56OUTGET /200/300?random=98 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:26 UTC779INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:26 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/857/200/300.jpg?hmac=kFf6koUaHH4bIVWuoXIIsmZJQM_9Ew5l4AOeLL2UoG8
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDteK68eHT3mcypy0Qm9FtB4kUgnAlD0vIbFPMmzME6niVMlbsHN8Sl2VPdv5ibf9DCcNQ566Z0caOaDPSlgDYFBr2OAscgmep7yzH9qaXe5GqWESU54fy7umATaj2Y%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83789449a17d60-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                95192.168.2.750166104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:28 UTC56OUTGET /200/300?random=99 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:28 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:28 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/543/200/300.jpg?hmac=JHbKAeHI7u3kPoNG9pE9vFnF8ozQabbnwrDwHxdcqv4
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NZhJZXI4GZvyHUFoLXpbHFmB27GHeEDu22ytK%2BPZGAoX2Niy43jWW5aLsOOwTdHb%2FCcaJgByjuCTWIdG2GyizeZZ7VtB%2Ffvsk57xr6bsMRQ3fYTF3m8ssUuwmQQfhiU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83789f9bdf2c91-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                96192.168.2.750169104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:31 UTC57OUTGET /200/300?random=101 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:31 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:31 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/546/200/300.jpg?hmac=WRVm_tMObPuM2HqJCr5D6N59Mboh73aqEno4MCuu5AE
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XepjEk%2BvUIfMWjlyzMbkG929I2Tq%2FSu7zCmOaAuisAKwWOp6culuhrXvAVPZzyLJhuRInkAzbiWNanRJcCkblfmHb20ece2Eg8hUcdoiFITHTc0IZGdRa%2B8VtmVlWIA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378b1c8a46b40-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                97192.168.2.750171104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:33 UTC57OUTGET /200/300?random=102 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:33 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:33 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/290/200/300.jpg?hmac=kjRyFwJ6i5kuROjzxcs6QbXbBr8EptbH5AuVxtMxhQ0
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hpqOQiZ54xwxuixpypAMMVFM1Vz685QQHKHGhVG0szmezd0SfLUZ2%2FEIQ2JKjPkNHxwCWDvbz3u2K33dJzBvRKZDFkN%2FHy0OyaJI04gIkzDlxFBOxZDpdaPsFZUaJLU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378be4bd5eb33-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                98192.168.2.750173104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:35 UTC57OUTGET /200/300?random=103 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:35 UTC791INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:35 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/315/200/300.jpg?hmac=C67WPcnxkaV_SPowHi-8nl3yoODZSBZqnoOdBObP5Ys
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0e%2FpYFyNxxjeiPrfUohVTjwJpmER%2Fxm500yEOcske%2BLz6cQoZ%2BhXUawE9H9hdBUS6EpJPCjbYE%2FPGkYZrYnc%2FWuhPeycM0rODgjcmSnhH86JBl16ZKmPvzyT85vxx0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378caca126b64-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                99192.168.2.750175104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:36 UTC57OUTGET /200/300?random=104 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:37 UTC781INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:37 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/367/200/300.jpg?hmac=9v6fvZlygxFPleXOePw645QmRd9ytp91VGVQaolJKIk
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WSb3W44EuVoth1g6JiEtxvi%2FrmFjMXROYe4gnRYOIBvzXCiU6kY7or5Yd65Bj8g01d7gepdJDXeCBk8oZTs36P8DN11u2aBmfoZMlIUPfKUduNy5k6ycE1TSCjxgngQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378d5d9d86c6f-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                100192.168.2.750177104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:38 UTC57OUTGET /200/300?random=105 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:39 UTC793INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:39 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/360/200/300.jpg?hmac=Fl1CgUfxrFjmcS1trYDG80XpEjYixcXfc2uTtCxFkDw
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EBh325rqFF%2FA%2BWHHmLUshqIs2uWmugLxbnUlQA3%2BqaJRLgHcSOP050CzBCmGuS%2BsNd7ly6ucstANzj%2FHSWmEuhRF5av9xcSjb5C1KjmwA4Ft%2B9WZ%2FExGkqn1OyO9NPI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378e1fe262e22-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                101192.168.2.750179104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:40 UTC57OUTGET /200/300?random=106 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:41 UTC788INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:40 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/15/200/300.jpg?hmac=lozQletmrLG9PGBV1hTM1PnmvHxKEU0lAZWu8F2oL30
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4F3sf6j0CCqswYDziK%2BerWdwhe7I4%2BNlhQPokOeXCbjGMTHyRIZMxD7bv9pszextlVhvHZUMZqqTBgs%2B7Z3Uv5t8O5wdqSXf95e1OwbMPMr%2FfN5tpnz2nwF%2BoMs3wJs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378ee294a0bac-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                102192.168.2.750181104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:42 UTC57OUTGET /200/300?random=107 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:43 UTC790INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:43 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/34/200/300.jpg?hmac=K076uH4zC5xneqvhRayjS90G00xjPsR7eL_ShGEr6rs
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o6w9AeqkXbM0JSd%2FGfv%2BEiKjUWMCQfegtRYTA%2BIwgcNSy%2BWFkSOk0Gr4SyDsXQbvVEzBzkimkFbCsD8UBq8NPcoHvdD8AHUD6QhpIlkV%2BOB7K4ZZJtUDk%2BJMuttGSgg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8378f92808e997-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                103192.168.2.750183104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:44 UTC57OUTGET /200/300?random=108 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:45 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:45 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/383/200/300.jpg?hmac=sP8wzjNbIJGIPQg-3A86o43HsTopJPnwV73iSCwH9cw
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eDP0%2FH7QgmvMtMYc6XL7jkUrWW0asIsKlKWdNjHCcJcD6VfV6ie4bVYgy9tp8FaXPpHr%2BuZLh3mlgdmIY9LZtu25jThBecSu5bpCb%2B3f4hhHrtFQ7q9vWm%2BwazK2KG4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83790619e53468-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                104192.168.2.750185104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:46 UTC57OUTGET /200/300?random=109 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:47 UTC791INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:47 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/432/200/300.jpg?hmac=S0muAtaN6T0PXbBlf5O-UL0chTPM6i9FReOIs0IJlDU
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mq9kHtg8dgkP%2BarwBL1b8RUMOz1UUXh0P6Zn%2FxlgW4sbW81BdQDaF%2FntVsDc8j8%2Bd%2BfryIc3cqV48KeKAhdQUZ4Vf2AkD683bmWrMIb1rCml6%2BmDZHbvvIjpHpxVFn4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8379123aa86b28-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                105192.168.2.750187104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:48 UTC57OUTGET /200/300?random=110 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:48 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:48 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/152/200/300.jpg?hmac=eCdUqkEQWPiigXtrPPzcwO9QeKYgOrV_YWW0LoFkuyk
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0DkAZu2RzJk7okvxAsp634u4FxTPQGPkjkV6mwj7VEv4u516EJ7R9OQ%2FgDhcWdPGrMYaib%2FCISSBAlGNZSx7sj4wIcqjK06u83%2BcK4FBnnd3eqQvMYf7U7gkeKProRo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83791c283e4863-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                106192.168.2.750189104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:50 UTC57OUTGET /200/300?random=111 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:50 UTC786INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:50 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/32/200/300.jpg?hmac=rNLw7Y7-RK2isGxXfSq90mzxSpKSXsRuOkvkGdEGK9c
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SssiqUtELJuexaSpJWRpKqJAKMzHKdtQ6hDJj4w716X%2B8L7BLLCXI5bV1tk4nyHePcJLuWWIbGYBxpdalQUZfuLPQ86A%2F%2FCDBUsvI2qCVd1jy%2FGXchiO8ordUdx1a4I%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83792888a0ddb2-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                107192.168.2.750191104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:52 UTC57OUTGET /200/300?random=112 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:52 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:52 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/370/200/300.jpg?hmac=7gPWuhI1_LDcGkEssyW-1sPKu9NVl1KUoOs0nH7KXno
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UjQVCvq05vj9k00iM9%2FvGG8NTZ05RR2jWLqWah7%2FSHAuVitIdjd0z0XeYneV6RleM4gkFffLwHCD7nNpA9XltNK%2FWcSI8PmfS2YXvcSGzyzJTf%2BBWodr0UtiY2geGOQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83793509112d39-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                108192.168.2.750193104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:54 UTC57OUTGET /200/300?random=113 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:54 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:54 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/191/200/300.jpg?hmac=CHbfFOcICYpJ4GXstpLztK5ds_l5NYOdgHORuCEIY_g
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZ%2Bimsk%2FggEJZ4ByObrps176Nf9FhpWSzEtOKdg9acy1VyRIM5XnouWKOEE0Uk6JQZufX5p2F0uVhvVQdq2W78js2y%2Bl3Zp2cfJ%2BMJ1Xf0wV%2BZBstIFy8ALMjfqkqwg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8379412f4f6b55-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                109192.168.2.750195104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:56 UTC57OUTGET /200/300?random=114 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:56 UTC786INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:56 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/99/200/300.jpg?hmac=Hnlwbe_FdfH-64B_lvRcwVnK7KViI5YgtT8AQRfkFwY
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d3IsfFdMrlHfSxo05hNcWd3Oy9fKiCSJtH%2FAEv2lW9RqQe%2BkDVkM5KDubtKG9Pe0jg2X3ORrECrjw8YadAaeo22%2BRUjaFVIxB8gUHwr0nIX7guUiTWRZY%2BUbL7djvQc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83794db8ed3166-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                110192.168.2.750198104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:09:58 UTC57OUTGET /200/300?random=116 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:09:58 UTC778INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:09:58 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/92/200/300.jpg?hmac=9Eq_kpOk-5TZ2YHExdgGL_iYGHpJNmvUogSdSuZzGYE
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QKym6m3jNZxuATYbxnKRlDKA3kpApTryY0dTcH97zihzH1cRDzghJo2kd77AGL474fDINGkTIBMogz3BqfD1YBuDfhj6TZTFK7DvgVVceSpr0vIvBHnZXPXvjZ56xKk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83795c2dc06b95-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                111192.168.2.750200104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:10:00 UTC57OUTGET /200/300?random=117 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:10:00 UTC783INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:10:00 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/529/200/300.jpg?hmac=WqdWbOIAJ1H2q4r92Fc4KXM--xvRadidXmV5P2R1rDg
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BL3uANUkzXEfdS4vHbwk3VrMgUtW%2BTlW2VZN4WrkTwWxsHDANoifPdIV6XsCm1%2BMuBN5YVrQt6HAu5wdh6kUKSixAuFfuPxLHCnDml7mnSIaA0yFWM9pHxFbuENne1c%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8379686b33e732-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                112192.168.2.750202104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:10:02 UTC57OUTGET /200/300?random=118 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:10:02 UTC785INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:10:02 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/938/200/300.jpg?hmac=MVXKrDXBUPK5fv_Ev3FTdCFeYf9rvJE2Tz9xynjeelM
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KcXmRFCDIyVMlXHoDVT%2BtdzzRasXJJugjeLel82t23mkRxmG8jZZkiGogikeHpc%2F18gaExfEGUK9D3gKXEClBXHhSRAuZvicycvOc6btIZ2NCGUKfq0IV6X%2BtVAOwbs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8379753ab00bd8-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                113192.168.2.750204104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:10:04 UTC57OUTGET /200/300?random=119 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:10:04 UTC786INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:10:04 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/1040/200/300.jpg?hmac=Q4ntfv8HG_O9dfwjINSmS4oQUot0YUwT_6bezgKA3Jw
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sMavhSlFNJpJDbB5K5yOMJOjZ1UW4cfxS1VvM5094GDdZ0SF%2F%2FihhJMP66vNeTUFw1mtlVVJ8I9RG2AZ2yuqEWIvjqsyuXWBoNsyUkwu%2FGIUlANz3O75maKUIvdA5p4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83797fdcabea8c-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                114192.168.2.750206104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:10:06 UTC57OUTGET /200/300?random=120 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:10:06 UTC782INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:10:06 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/51/200/300.jpg?hmac=w7933XDRbSqrql6BuyEfFBOeVsO60iU5N_OS5FbO6wQ
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TfDxKZmJCW7sXoTVDYXNAcjGXuP52QUELHygiheZEC4yFL77FSGeURUtEsI6OuARUWRlI7Z8FenvdDMjanuyf5XOuJbJv%2BRT4Rc%2BmpEtszttyQdTnWUK4tzjR5nLayw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83798c2d444602-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                115192.168.2.750208104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:10:08 UTC57OUTGET /200/300?random=121 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:10:09 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:10:09 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/217/200/300.jpg?hmac=3GPQ-pPnL4D8miCKA0qNqIg4zr5Ponvl9OVH83CeGuc
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFJjfdqHgJ%2FhCU4tTrini58J%2FftkK9JZpkZnaGLiLB2UpVXLn7YQTzxj3%2BKCUORqVndt5Ij96A6%2B0UrIYO0ei6rhBJo4wp962YO7pFHa4AzSAbgae6RWlHrhrQpSH9Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d83799deadc6b5b-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                116192.168.2.750211104.26.4.304437644C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:10:13 UTC57OUTGET /200/300?random=123 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:10:14 UTC789INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:10:14 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/906/200/300.jpg?hmac=7sarKOMVDlgOBTc6eUDUf0M4S-M-4jF0X0uix_sMALU
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJQh4BA%2BEXUaX1EMoZoW7qtb5fdu0f89mljsRvosX8kr%2FQl1sz2h5gKCQmqIBM4ZBV5RQWmaAOzNrIuy%2BhWesZMDNbiEAAtVwXSpr2%2BU%2FWFtnQmFrkyRC9RJQq8tNOQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8379bade2d2cd7-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                117192.168.2.750213104.26.4.30443
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                2024-10-25 16:10:22 UTC57OUTGET /200/300?random=124 HTTP/1.1
                                                                                                                                                                                                                                                Host: picsum.photos
                                                                                                                                                                                                                                                2024-10-25 16:10:22 UTC787INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                Date: Fri, 25 Oct 2024 16:10:22 GMT
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                location: https://fastly.picsum.photos/id/693/200/300.jpg?hmac=mVvEbAr0g-bdhrVxrz7IorqUfEy95C2hPkIT9Vm3nn8
                                                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                vary: Origin
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B9thws9J1ye98cI9FChpOH06vDr2cZzHmmZq1I9zwbh3hYlOM%2FvGbqWivgJG3MYcRWTnNC3QqruoUBcZVDyx%2FJ0ox3qJvK%2BZ%2BnZyIfjQRbG3I3ZYIYufsMBP8jKbiF8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000
                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8d8379f20e3b2e19-DFW
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:12:06:08
                                                                                                                                                                                                                                                Start date:25/10/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\cabbage.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\cabbage.exe"
                                                                                                                                                                                                                                                Imagebase:0x1d4153e0000
                                                                                                                                                                                                                                                File size:15'276'544 bytes
                                                                                                                                                                                                                                                MD5 hash:81E184C5842808438D0C3AC633885C1B
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.3783711899.000001D428ABA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                Start time:12:06:08
                                                                                                                                                                                                                                                Start date:25/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                                Start time:12:06:13
                                                                                                                                                                                                                                                Start date:25/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
                                                                                                                                                                                                                                                Imagebase:0xca0000
                                                                                                                                                                                                                                                File size:65'440 bytes
                                                                                                                                                                                                                                                MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000005.00000002.3758733093.0000000001100000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                  Function 00007FFAAC8202CB Relevance: 1.7, Strings: 1, Instructions: 470COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3806165142.00007FFAAC820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC820000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac820000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: z_`)
                                                                                                                                                                                                                                                  • API String ID: 0-1701381538
                                                                                                                                                                                                                                                  • Opcode ID: 999de6937f469d0601994ea6f2a139186dcd5c10464d2e79ecd592213b5ed6c8
                                                                                                                                                                                                                                                  • Instruction ID: 98da48602af9ea1bd78d1dfdb23747cc2966ae95b466246ebcb9116197d20a0b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 999de6937f469d0601994ea6f2a139186dcd5c10464d2e79ecd592213b5ed6c8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25024734A055198BDB48DF58C994AEDB3F2FB9C311F2081AAD40AF7780DA35AE45CB64
                                                                                                                                                                                                                                                  Function 00007FFAAC72A4B0 Relevance: .4, Instructions: 427COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7616e5f444ab9e870e761c166c95b4a2de7604ca13e77299c65e4e90b2e2f102
                                                                                                                                                                                                                                                  • Instruction ID: 9468e1f4f65e4a793b28f1de1c770d2657565b1e73e25c884948507ae19b9e34
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7616e5f444ab9e870e761c166c95b4a2de7604ca13e77299c65e4e90b2e2f102
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2E17C70A04A0D8FDB58DF68C494ABEB7F2EF99311F10416ED00EE7781DA34A985CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC72CF5D Relevance: .3, Instructions: 307COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 27b217653b4cc0778555c1e236836f37658f12e9558f4d9bdd7e68f5c2ab87c2
                                                                                                                                                                                                                                                  • Instruction ID: 2e36c830bb56ac3651f39eb88a9b9190bd0f913b690244e9715dea37e2bf14c9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27b217653b4cc0778555c1e236836f37658f12e9558f4d9bdd7e68f5c2ab87c2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AB19175E165199FDB58DB58D991BECB3F3EBA8300F1481AAE00EE7680DA349E45CF40
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1421 Relevance: .3, Instructions: 271COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 026cb4e168583ab8a2ddb568882be00bf77f77ef083fda19b8d64ea4c80c46c2
                                                                                                                                                                                                                                                  • Instruction ID: b71a964d3fb617e16aef0a04fa5f5cf9dc15a3a5203a0344a033e9b596f9f22c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 026cb4e168583ab8a2ddb568882be00bf77f77ef083fda19b8d64ea4c80c46c2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9181C475C0E38A9FE7569F6488151A97FB0FF1B310F0941FBD448CB1A3EA24AA18C791
                                                                                                                                                                                                                                                  Function 00007FFAAC7206B0 Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 86f52535c68d6b20585ccd65295886bc9b84542fdb4dcaad0a1d82f145862225
                                                                                                                                                                                                                                                  • Instruction ID: 3ff50be3332a0977c7148dd1a64b4019fdc66761bb4875ba43db47549a0e825f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86f52535c68d6b20585ccd65295886bc9b84542fdb4dcaad0a1d82f145862225
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9815F75E1410A8BEB0CDF55D9A19FEB7B2EB98311F24412E940AF3780DA34AE05CB65
                                                                                                                                                                                                                                                  Function 00007FFAAC72971D Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7d7d4f8450292e5200041add53554900284da9edbefeda5a05df4bb5464190a0
                                                                                                                                                                                                                                                  • Instruction ID: dec397d17b60a8e3ee38fe36cfe1d1b6709fe21e98bc7321690f431869ce3a3f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d7d4f8450292e5200041add53554900284da9edbefeda5a05df4bb5464190a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6818F74E0851E8FEB48DF68C895ABE77F2FF99301F44856AE019E7291DF34A9058B40
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0B8D Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4ec2fc43505d72a2ab103b9dd4ccc64f83f47172d3dc6ae3b0b5af7c93d5b1ce
                                                                                                                                                                                                                                                  • Instruction ID: 014ed107d034f872b4efcb4c8b9b4199cb5af84d7a760167798ec317c120bc28
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ec2fc43505d72a2ab103b9dd4ccc64f83f47172d3dc6ae3b0b5af7c93d5b1ce
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A51B0B180E7899FEB52DF6488595A97FB0FF1B200F0985EBD448C71A3DB34A849C781
                                                                                                                                                                                                                                                  Function 00007FFAAC820605 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3806165142.00007FFAAC820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC820000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac820000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 60d298f18d1cb473c3c5d2f942d89b3bd99229c3eb4727095a84a8077b0be175
                                                                                                                                                                                                                                                  • Instruction ID: 00d217086f3d9b7f2f9df7dfcc2f53d0db544668ad6a0de2203e28236e38e404
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60d298f18d1cb473c3c5d2f942d89b3bd99229c3eb4727095a84a8077b0be175
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2513A75F145198BDB4CCB68C9946EDB3F3ABDC301F2482AAD40AF7384DA35AE458B50
                                                                                                                                                                                                                                                  Function 00007FFAAC8B14F9 Relevance: .1, Instructions: 89COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1a6c03a4b9af198c0bc74b3e039da987d4a50c74b44e943c99207785d6f60612
                                                                                                                                                                                                                                                  • Instruction ID: 6556a5ab706414367c11b4f84d9871955eae05191667d72b3af6a7ba292f6865
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a6c03a4b9af198c0bc74b3e039da987d4a50c74b44e943c99207785d6f60612
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 532183B580D7899FEB829F6488185A97FB0FF5B300F4941EBD058C71A3DA389948C791
                                                                                                                                                                                                                                                  Function 00007FFAAC8B18BD Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c95423ba82c3b336279b9ea82b065806a7153dcffae338aa2e99e8bd7f045461
                                                                                                                                                                                                                                                  • Instruction ID: 0944c90a752eed556b6753e6af3b48440ed46ab110a15690124035915e259538
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c95423ba82c3b336279b9ea82b065806a7153dcffae338aa2e99e8bd7f045461
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56219DB5C0E3899FD7428F6488552A97FB0FF5B210F0641EBD448CB193E6789908CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC729D99 Relevance: 4.2, Strings: 3, Instructions: 402COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 6$b4$O_H
                                                                                                                                                                                                                                                  • API String ID: 0-2276821147
                                                                                                                                                                                                                                                  • Opcode ID: 074bf0d270bb350509a76593de5a76fce6e312f7c8b972effafe62bbd1607326
                                                                                                                                                                                                                                                  • Instruction ID: 2787f3f54069f41b3b83aad89209105ce09acd34f14c580ac48841c759e696a3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 074bf0d270bb350509a76593de5a76fce6e312f7c8b972effafe62bbd1607326
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AFC10B72A1DA8A9FE798DB28D4456B977E2EF96310F04817DE04EC3696ED24DC0787C0
                                                                                                                                                                                                                                                  Function 00007FFAAC721A8D Relevance: 1.6, Strings: 1, Instructions: 363COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: )O_^
                                                                                                                                                                                                                                                  • API String ID: 0-910739517
                                                                                                                                                                                                                                                  • Opcode ID: 3e02f50998b77eb8fbffa298cb0d72fd73c111a574b7031d0a2ba100a892bbaa
                                                                                                                                                                                                                                                  • Instruction ID: f3b62a39e0451734c115eb75cb83440bdba742551504209ff0ce3ab5a82511c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e02f50998b77eb8fbffa298cb0d72fd73c111a574b7031d0a2ba100a892bbaa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DC1AE75A0950A8FEB58EB68D4509FD77B2FF96301F148139E00EE7792DA34AC45CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC72A6A0 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: b4
                                                                                                                                                                                                                                                  • API String ID: 0-3371602342
                                                                                                                                                                                                                                                  • Opcode ID: d2a3a84b235f628950d8c72010135284ce7591532b1dcc4bd79baf96f09eb37f
                                                                                                                                                                                                                                                  • Instruction ID: 83f7596763f82ec737b655374bb4a47f12baa6ee1ac2cbad2f637e079032b3f6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2a3a84b235f628950d8c72010135284ce7591532b1dcc4bd79baf96f09eb37f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D41F372A1954E8FEB44DB68C8456FEB7F1FF95310F44457AE00EE7281DA34A944C781
                                                                                                                                                                                                                                                  Function 00007FFAAC72E8BF Relevance: 1.4, Strings: 1, Instructions: 131COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                                                                                  • API String ID: 0-591682393
                                                                                                                                                                                                                                                  • Opcode ID: 036f069be62ba5b3820e3b6c86407747fbb756cb291894eb375ced13efc94bf7
                                                                                                                                                                                                                                                  • Instruction ID: cdc72c70859816a16e65a432547d8713afd2f723079cb576c9adc8971ff62a3a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 036f069be62ba5b3820e3b6c86407747fbb756cb291894eb375ced13efc94bf7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3041CF31A09A0DCFEB88DF68D8A05BD77B1FF55301F54012ED04AE7681DA34A949CB81
                                                                                                                                                                                                                                                  Function 00007FFAAC729AC5 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 5*O
                                                                                                                                                                                                                                                  • API String ID: 0-1315882005
                                                                                                                                                                                                                                                  • Opcode ID: e33ef2121a9d25e4f4a2c89cdfcc422a8d442c7ecfbd87c36ab0f4e18c168aa9
                                                                                                                                                                                                                                                  • Instruction ID: bb52b4336bd46050a77bf23bdab44a51439edfef7723ed93dae93d334213c036
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e33ef2121a9d25e4f4a2c89cdfcc422a8d442c7ecfbd87c36ab0f4e18c168aa9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C4180B4E1451A8FEB4CDB68C8556BE77F2FB99301B18852DD01AE3785DB3498068B80
                                                                                                                                                                                                                                                  Function 00007FFAAC72E92D Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                                                                                  • API String ID: 0-591682393
                                                                                                                                                                                                                                                  • Opcode ID: 34b7d7f633b75823b4de876f0942cb7a4b97d944fe07d80d15ca7202224a38cf
                                                                                                                                                                                                                                                  • Instruction ID: f5017090b578d322e7b45d4930e65b979dbe66f020addad74e9bd3964ee98761
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34b7d7f633b75823b4de876f0942cb7a4b97d944fe07d80d15ca7202224a38cf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9841AE31A19A0DCFDB88DB68D4A05FD77B2FF95301F54012ED40AE7681DA34A949CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC72A738 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: b4
                                                                                                                                                                                                                                                  • API String ID: 0-3371602342
                                                                                                                                                                                                                                                  • Opcode ID: 2857341642d40fe35c695afbb1283173d9efb0f0de7a935d16a6933ef589c45e
                                                                                                                                                                                                                                                  • Instruction ID: 3e3b4e3efef912386d6733488b3d48a4fa865b6141f51c464a930e74ff13232d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2857341642d40fe35c695afbb1283173d9efb0f0de7a935d16a6933ef589c45e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4731E572A0550E8BEB44DB68D8516FEB3F2EB94311F54413AE00AF7285DA349D04C791
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1D3D Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: r6
                                                                                                                                                                                                                                                  • API String ID: 0-2984296541
                                                                                                                                                                                                                                                  • Opcode ID: dadd4a34211b94fd2a3e231707a114bbee7d03f5dbf8918f4e1d9fb4de19d397
                                                                                                                                                                                                                                                  • Instruction ID: dbf28e85bdb89c981954bd0a34a62719caaab4766ad7d362af288ca9698d9332
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dadd4a34211b94fd2a3e231707a114bbee7d03f5dbf8918f4e1d9fb4de19d397
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B221953190DA8D8FEF85DF6898556EE7BB0FF5A311F0841B7D408DB192CA34A84987D1
                                                                                                                                                                                                                                                  Function 00007FFAAC8B04FD Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 76_H
                                                                                                                                                                                                                                                  • API String ID: 0-695864863
                                                                                                                                                                                                                                                  • Opcode ID: bdde0a9bc62115e8869700084d2d2cf597546cf867380b3df1deac5e69fe9348
                                                                                                                                                                                                                                                  • Instruction ID: 1ba427f68cf8bff2804bab5a935f67bbc4f08bd749b7b690ca7d6aa92769098c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bdde0a9bc62115e8869700084d2d2cf597546cf867380b3df1deac5e69fe9348
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB1190B1908A8D8FEB84DF6894496EE7BE1FB6D300F044076E509E3692DB34A8558BD0
                                                                                                                                                                                                                                                  Function 00007FFAAC72B689 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: :n Z
                                                                                                                                                                                                                                                  • API String ID: 0-3802250683
                                                                                                                                                                                                                                                  • Opcode ID: 77a38cc2eadb52902f3cabe0120c3badde6f38aabbdc657209f5ae75de9c8b9c
                                                                                                                                                                                                                                                  • Instruction ID: 26f7b92f9ca54a61f60175c773b6763340e659a64a05c038bbceb31b5753419a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77a38cc2eadb52902f3cabe0120c3badde6f38aabbdc657209f5ae75de9c8b9c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0E0C232A0511E8BDB08DF94E0D24FEBBA0FB00230F00413EE90FD26D0CE668591CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC721AD3 Relevance: .3, Instructions: 333COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 663a81ab1c5eedaa2ad7524c47cb28f8d7cfe88d7dd3025def779c8ef8d566a5
                                                                                                                                                                                                                                                  • Instruction ID: fd2d5ca791991d490b13b5ca31330564a745fc44554ef3abee1a091ceb2a6449
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 663a81ab1c5eedaa2ad7524c47cb28f8d7cfe88d7dd3025def779c8ef8d566a5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CFB18B75A1450E8FEB48DB68D4909BE77B2FF99301B50813AE00AE7785DA34AD46CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC729F8A Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 34296c5fb50b618898376bf4b1ff708c431721e406c186c0c2f20fb7390ecae8
                                                                                                                                                                                                                                                  • Instruction ID: 1b5ce57cacdee13c25b8a8b930b4b68454c75e232cab54a953179d64135c8d43
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34296c5fb50b618898376bf4b1ff708c431721e406c186c0c2f20fb7390ecae8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A51F771B19A8A8FE798DB28C8556BD77F2EF95310F048179E00ED3696EE24DC468780
                                                                                                                                                                                                                                                  Function 00007FFAAC72B2A8 Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 49ce0e99dc63c80c49e87bf932492036239d7a56c40de95c63530aa0b9185bf6
                                                                                                                                                                                                                                                  • Instruction ID: 4ca4b6f1bad6ab38af032623ad9b935559f8ddffb9cef74ff5ec04655437c401
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49ce0e99dc63c80c49e87bf932492036239d7a56c40de95c63530aa0b9185bf6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21512874A09A1D8FDB88DF68C494ABDB7F1EF59311F1040AED00EE7691DA359985CF40
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0595 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0062f0e7fba964d3667a293293ec2c456147450d212a5d6b4d8f943315886de5
                                                                                                                                                                                                                                                  • Instruction ID: 111cd61df43ea58d815fd8aa8417924c7f2440aaee3e6c8a6c87752613cf055b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0062f0e7fba964d3667a293293ec2c456147450d212a5d6b4d8f943315886de5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9441E3B280E78A9FE7529B6488156E97FB0FF5B310F0840F7D44DC7093EA28A959C791
                                                                                                                                                                                                                                                  Function 00007FFAAC72079A Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 71bfec5c67f3c08f8c14217c136fe1f77c3d2a957bf488b3ff523799133e3a15
                                                                                                                                                                                                                                                  • Instruction ID: 80fab12a4f0415fdbacd9fd4fe5a51d6845cfd25ff67eaea682a888f5fdffce3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71bfec5c67f3c08f8c14217c136fe1f77c3d2a957bf488b3ff523799133e3a15
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4841A271A0450E8BEB18DB58C9515FEB3F2EBD9311F14813AD00AF7785DA34AE15CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC729431 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4657e0f61b6c931a4a3e9a9f802464c89a530e67486edce9e4933c86320b561d
                                                                                                                                                                                                                                                  • Instruction ID: 6e6f234e7504a5716bda24419fa8660f35027a2bebe26f7029d4d866fbf7ea42
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4657e0f61b6c931a4a3e9a9f802464c89a530e67486edce9e4933c86320b561d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF416A71A1590DCFDB88EF58C494ABD77B2FFA8301F504169D00AE7694CA35E856CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC721C7D Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8ba2ca95439f3e9e754950efde7fef257c913f55db1ceb9e730568fe24cb9275
                                                                                                                                                                                                                                                  • Instruction ID: 8a811c8791ffcfac97adedd992c9210f1f1cb9d4fc01490b7d9876c95903faa6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ba2ca95439f3e9e754950efde7fef257c913f55db1ceb9e730568fe24cb9275
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2316D30A04A0DCFEB94EB58D454AED77B2FF99301F40857AE00DD7281DE35A846CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC729877 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a9ee5b674b76094689bcc185a75c968c2b07600f998c48a5a7f1ea7439bb8765
                                                                                                                                                                                                                                                  • Instruction ID: 99981c9cf7601a0f642514033e01805994ab05c58b76685f87a155a568e2da63
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9ee5b674b76094689bcc185a75c968c2b07600f998c48a5a7f1ea7439bb8765
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C313070F5452A8FEB0CCB99CC955FEB3B2FB89301F08852AD41AE7394DA74A815CB40
                                                                                                                                                                                                                                                  Function 00007FFAAC72A030 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1fafc1ee450b3a05e9bec94fa85342cf1cc5e021338ad274457d4ab87c2a1b22
                                                                                                                                                                                                                                                  • Instruction ID: a659a5ab2db90517d79172ac818499ea97f15ba785eae7bccf0a4a4df116ff06
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fafc1ee450b3a05e9bec94fa85342cf1cc5e021338ad274457d4ab87c2a1b22
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3319770A18A4E8BE758DB58C8446AA77F2FF95310F008579A40AD3695EE34D9558780
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0405 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9c801c28f6a11690313ab1df38bc9233400fa05e7bb0ae1c79d8a5b6bb07806b
                                                                                                                                                                                                                                                  • Instruction ID: 6994edf9a9e104a35ddcb0e5ba342dbead54aa3694386cf1ee52027d867a9cb8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c801c28f6a11690313ab1df38bc9233400fa05e7bb0ae1c79d8a5b6bb07806b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D21D6A284E3C58FE7138B7498551E57FA0FF17214B0981FBD088CB093EA28A95BC381
                                                                                                                                                                                                                                                  Function 00007FFAAC745450 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 78151ecbe3b2c7eac315e596d74c55a83ef6a77bcc659a98c68e084f257d4146
                                                                                                                                                                                                                                                  • Instruction ID: ae00ae93da5782118d0fc44627f547d8d1726228aa176561fa0f28b850c22e89
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78151ecbe3b2c7eac315e596d74c55a83ef6a77bcc659a98c68e084f257d4146
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16212871A1491D8FDB88EF5CD854AEA77F2FBA8311F04426AE409E7754DB70A8548B80
                                                                                                                                                                                                                                                  Function 00007FFAAC72BBB5 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e2ce05f7a063570cba249b7580b39508f05726d79c5097e31494a08a42740f8e
                                                                                                                                                                                                                                                  • Instruction ID: b9e4e1b7b63bfcc297156a37c71fd3479e6f39d94a932f8ca8ddde502a565540
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2ce05f7a063570cba249b7580b39508f05726d79c5097e31494a08a42740f8e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1218B71908A4DCFEB95EF28C849AEA7BF0FF59310F0401AAE40DD3291DB75E9548B80
                                                                                                                                                                                                                                                  Function 00007FFAAC8B08C5 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 252580c0b634d0cfcc04a7b1e1a165ba7de53041ad226f8f9067807e25ea2d76
                                                                                                                                                                                                                                                  • Instruction ID: ae009d3ee744a908f174b1a9729d6c7f68a6165ab640c703b17892f6d1b418e8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 252580c0b634d0cfcc04a7b1e1a165ba7de53041ad226f8f9067807e25ea2d76
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3521BAB280D7C99FEB429B6488551983FB0FF56210F4981F7D08DC71A3DA28A949C791
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0195 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 97aafb0104560efbc4333a8d769b78fb29da33b8fda7ca80f67b1c8c2a1b83bb
                                                                                                                                                                                                                                                  • Instruction ID: 1e49d4d3c0172a63c762860affcd764af8b3f94a36c2635acf42e1e4df78fc85
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97aafb0104560efbc4333a8d769b78fb29da33b8fda7ca80f67b1c8c2a1b83bb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2221D3A280D7C98FD7579B6898122E93FB0FF17204F0981F7D48CCB1A3DA28A949C741
                                                                                                                                                                                                                                                  Function 00007FFAAC744AB0 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 24d992cf2a6ac98abed09eb9f27698df6f6c54c48d881f7608398d5080149676
                                                                                                                                                                                                                                                  • Instruction ID: 969081f2f5b0869e1ac003c9f073eb3594d13ac7a92aa9715538ca2fdd0db457
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24d992cf2a6ac98abed09eb9f27698df6f6c54c48d881f7608398d5080149676
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58213671A14A1D8FDB88DF98D855AEEB7F1FB99311F00416AE40AE7294DA30A814CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1A21 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 86c73932a8ef041b082a3faecdb74c4415be63a466a63461d0f0d92c7691ed37
                                                                                                                                                                                                                                                  • Instruction ID: bfd75bbd674682acb5316b0a3fd5b7e97cc69e7459b2e99856a7dd0727a6d615
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86c73932a8ef041b082a3faecdb74c4415be63a466a63461d0f0d92c7691ed37
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8921747290D3C98FD7529F7888551A87FA0FF57210F0945FBD488CB193DA28A959C782
                                                                                                                                                                                                                                                  Function 00007FFAAC72BD9F Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d6351f080198e3e85728a9040c2c7265365270ffb8b81301a46090c904d96f05
                                                                                                                                                                                                                                                  • Instruction ID: 9f80bfa99059bccb553a9542b5e8653fc1d996f52d6c5aff7354aaab5f3dfac5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6351f080198e3e85728a9040c2c7265365270ffb8b81301a46090c904d96f05
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05218FB5F1550A8FDB08CF99D9419EEB3F2EBD9310B248225E409E7344DA38DD05CB61
                                                                                                                                                                                                                                                  Function 00007FFAAC72965D Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f150c785ed21fa093651997b342953913e2887a942deed22ac9aa24cf5c3cb12
                                                                                                                                                                                                                                                  • Instruction ID: a2162858b838df3c3768b751abeebed070e33f472eb00b4cde5fc9a5cb67133a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f150c785ed21fa093651997b342953913e2887a942deed22ac9aa24cf5c3cb12
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC212667D0D6898FF315B7B89C291E9BFF0EF06315F0884BAD04CC6193EA6469588781
                                                                                                                                                                                                                                                  Function 00007FFAAC72BC41 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3848aaf2c0b3ee7bbc3559066b6c5a0d67dd6c9db84e08848c5ecde98d25211c
                                                                                                                                                                                                                                                  • Instruction ID: 71a80e4adfcde3ed028bc72ad7abec5ac47d7882b865342aa49ac8bce4942b98
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3848aaf2c0b3ee7bbc3559066b6c5a0d67dd6c9db84e08848c5ecde98d25211c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3119D3190A68DCFEB89EF6888449E97BB0FF16311F0440BAE409DB552DA65D9588780
                                                                                                                                                                                                                                                  Function 00007FFAAC729A0D Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: bbdc67a89a3d2a8eb3eaa761ebb597e816a90058fbd0be2096d89f5e879cd987
                                                                                                                                                                                                                                                  • Instruction ID: 415799beaa4163082b7e3719d16a85d228f85fe4a4041a8e40f1217e9ac2b919
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbdc67a89a3d2a8eb3eaa761ebb597e816a90058fbd0be2096d89f5e879cd987
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8218BB4E1952D8FEF54DF68C880ABEB7F2FFAA300F0494699019E7240DA34A841CF00
                                                                                                                                                                                                                                                  Function 00007FFAAC8B00ED Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6b2c5ed6c75897f504a57a33cec0822b9175fd0a966691725046c727b0f704d3
                                                                                                                                                                                                                                                  • Instruction ID: 3ba39cc63f21d587ad6ada6f36c6a62683313b2396ebe4335c28dfc3f52469ba
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b2c5ed6c75897f504a57a33cec0822b9175fd0a966691725046c727b0f704d3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F1181A184E7C99FE7578B7488685A97FB0FF1B210F0980FBD449CB0A3DA286949C751
                                                                                                                                                                                                                                                  Function 00007FFAAC8B036D Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3152d558a34bfabf332ff00074503ff71df48189dbe5c6d70cbeb1bfe9f3094c
                                                                                                                                                                                                                                                  • Instruction ID: c049828276fa7224d43ce9dcd72f4a816dfdf21b6464a6a427bb06841b956e7f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3152d558a34bfabf332ff00074503ff71df48189dbe5c6d70cbeb1bfe9f3094c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27118172908A4D8FEB94DF68D4496EE7BE1FFAD311F0441BAD509D3242DB34A85587C0
                                                                                                                                                                                                                                                  Function 00007FFAAC729B8D Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f2916347c92f88535f28e057a6657c85b204ee66bfc2d0195f84df075457b3cf
                                                                                                                                                                                                                                                  • Instruction ID: a80715ef6acfc54e79b30121d155a32572fcedfe68b25802c43577fb688ff266
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2916347c92f88535f28e057a6657c85b204ee66bfc2d0195f84df075457b3cf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB112670B046198F9B4CDE68C8949BE77F3BB99301B18852AE41AE7394DB719D41CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0825 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cdf6b64f6672f972bc22b4a7bd6911cd8625003f6a0bd00209b3352a705d0527
                                                                                                                                                                                                                                                  • Instruction ID: 48d9d0ee48717ea9c090a70fc2e53a05d47665179d1da80065f13a557e1e67c6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdf6b64f6672f972bc22b4a7bd6911cd8625003f6a0bd00209b3352a705d0527
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 201177A280D3C55FD7539B6488551D93F70FF1B110F0946E7D448CB1A3DA185649C791
                                                                                                                                                                                                                                                  Function 00007FFAAC72A82D Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5c7014b14e5d80a28b35484355f8fda85aa39be28395ff82efb9cb64b6f003cd
                                                                                                                                                                                                                                                  • Instruction ID: 9d59bfe56205bc9969a739087de163e09dd4d399d7ef52a5298b6d557db0a207
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c7014b14e5d80a28b35484355f8fda85aa39be28395ff82efb9cb64b6f003cd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C211A07190958E9FEB51DB68E8455FEBBB0EF45320F0441B6E44CE2452EA349A5A8780
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0785 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4e37d89f995f17ae81dc19d1b374bab18b39c926c0e96acd9040e0c12ecdc421
                                                                                                                                                                                                                                                  • Instruction ID: b0cbcac38438aa1906ec47a7dd70006b89862910a3f27540482d91b54255ae80
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e37d89f995f17ae81dc19d1b374bab18b39c926c0e96acd9040e0c12ecdc421
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F11636184E3C99FD7539B7488252E47FB0BF17210F4941F7D488CB1A3E629A998CB52
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1981 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 20ac78dffeae3cd6de8f1f01fc329ee42b7a7e6b61f387e8cb58f86d6b95c8b6
                                                                                                                                                                                                                                                  • Instruction ID: 271d59b001d3ade744cd9597c17e11ab5378496f3e113b3510a676d01dd711cd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20ac78dffeae3cd6de8f1f01fc329ee42b7a7e6b61f387e8cb58f86d6b95c8b6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA119EB680E3C48FDB035F3488652A53FA0FF17210F4A41FAD4888B093E669A959C792
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1105 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: de9feef3caf33e08329935435422081b8ad31a31b46241b2c9f401860a047977
                                                                                                                                                                                                                                                  • Instruction ID: 14d68467d70155905aeb6fdef188240b2cc66faaf6fd46585cf73922e9074936
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de9feef3caf33e08329935435422081b8ad31a31b46241b2c9f401860a047977
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0811427284D3C49FD743DF6488592987FB0BF17214F4941EBD484CB563D6285949C791
                                                                                                                                                                                                                                                  Function 00007FFAAC729D18 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 974683ff41488cf18d647934c4452e76358d76f611b2df8d31cc8b00e1dfe101
                                                                                                                                                                                                                                                  • Instruction ID: b44c549611e103f6d7d5ea2c3862a1fb260aca9c69a72b678ce22ea781bb7e7f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 974683ff41488cf18d647934c4452e76358d76f611b2df8d31cc8b00e1dfe101
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E301806150E7C54FE346977898213A07FE1DF87315F1941FAD089CB2E3E95988468352
                                                                                                                                                                                                                                                  Function 00007FFAAC72BBD0 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f1b1b5c579182f9123d77b13f12e522328168b2583282f64b1de9ed6a240f007
                                                                                                                                                                                                                                                  • Instruction ID: 8d971927613dfd540efdb9c126697a563e27556b5bfbea3a582053e34a700188
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1b1b5c579182f9123d77b13f12e522328168b2583282f64b1de9ed6a240f007
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9401E531A04A0D8FDF84EF58D448AEA77F1FFA9311F04006AE409E3290CB72A894CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC720140 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 961713536f27edb400df13e16601a885fb8d5853fbd8549cd8c7e7f15cabd926
                                                                                                                                                                                                                                                  • Instruction ID: d99904265eb0d53cf5b436aa7d0f4d306467d01cd777a3fa9141320af70d8aa1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 961713536f27edb400df13e16601a885fb8d5853fbd8549cd8c7e7f15cabd926
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD014C7790825247E324B77DE4924F9B790EF82365F44493AE1CED8163E918918949D1
                                                                                                                                                                                                                                                  Function 00007FFAAC729AB5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 89a23eb2dfcb8aa14c7928f55374e7ecbbd80030a30d4c5b83f8e16e9ed5c2c7
                                                                                                                                                                                                                                                  • Instruction ID: 4e371e6725bdadee4c64653eb1d3259606d4581f6c8e7a03db4d2e57567aa11c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89a23eb2dfcb8aa14c7928f55374e7ecbbd80030a30d4c5b83f8e16e9ed5c2c7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65014875A1862ECFEF44DF98C881ABEB3F5FF66300F0899699018E7650DA34E944CB40
                                                                                                                                                                                                                                                  Function 00007FFAAC72F57D Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3f034137bb65837fd13db0fd7cb4270e6435cf190420e30530af4eb571054329
                                                                                                                                                                                                                                                  • Instruction ID: 970f16a05325e71fb5f58d558d7bc6f127ca487ea7a2d378f533c7322129037e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f034137bb65837fd13db0fd7cb4270e6435cf190420e30530af4eb571054329
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6011A34A041088BDB48CF6CC5406FCB3F2AF9C300F6080A9E04EF3741DA32AE558B54
                                                                                                                                                                                                                                                  Function 00007FFAAC72EFEB Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 214d3292b9a919455bb5d46e9d1786c41305b23be81693740ca16db04f1cb5fa
                                                                                                                                                                                                                                                  • Instruction ID: 1423386392203c640fb42a8e787dd260daed4c0e1971b22572271db598ce6ece
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 214d3292b9a919455bb5d46e9d1786c41305b23be81693740ca16db04f1cb5fa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88F03A7081964ECFEB94EF68C8082EABBB0FF04305F4004BAE42CC2241EB30A554CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC72EFF0 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 00907d13d51e971f47ea39efc84071e9356109959449736a468e8ce5282bbd18
                                                                                                                                                                                                                                                  • Instruction ID: ad44bc044495432cb7a3f7f103cdc5c76ed2d7c5e000326de1b375cb12b231d5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00907d13d51e971f47ea39efc84071e9356109959449736a468e8ce5282bbd18
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9F0F870815A4DCFEB84EF68C8086EAB3B0FF08304F40056AE42CC2250EB30A554CB40
                                                                                                                                                                                                                                                  Function 00007FFAAC720180 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a5f8b227e1a0c001caacd6369660dc72fe7b030e467595b4f13bb248f69cb2da
                                                                                                                                                                                                                                                  • Instruction ID: 53c0e55854abef93c911f3b342ebc855f5948f825345734f9df745720e422f10
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5f8b227e1a0c001caacd6369660dc72fe7b030e467595b4f13bb248f69cb2da
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59E086708287818AE7587F388806579B7E0FB55344F90493DF88ED1191EB3CD1448682
                                                                                                                                                                                                                                                  Function 00007FFAAC8B076A Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 32950e3c3c804f7e6138ee2cb9fbacc6f4210da3173271c0f172e0c5e97fa655
                                                                                                                                                                                                                                                  • Instruction ID: a2fff8948861e0106181473635b5c72e07ce433c95aa592a95c59ef509356dc5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32950e3c3c804f7e6138ee2cb9fbacc6f4210da3173271c0f172e0c5e97fa655
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31C012B180080CAFAF01EB84C8408EC7BB0FB08200F0041AAE40CE3612CB30A6918B40

                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                  Function 00007FFAAC82000B Relevance: 6.7, Strings: 5, Instructions: 425COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3806165142.00007FFAAC820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC820000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac820000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "9$"9$"9$$?_H$>z,6
                                                                                                                                                                                                                                                  • API String ID: 0-2790298339
                                                                                                                                                                                                                                                  • Opcode ID: 9ab37c8296ff0ecb0b6e73283b54d2bf9033286818405261ff241cca9acc60f1
                                                                                                                                                                                                                                                  • Instruction ID: e8af9eae9012c5046cbc5c836d6da2b6ccbbb678d2f8d010ce9bdc5ce85bf483
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ab37c8296ff0ecb0b6e73283b54d2bf9033286818405261ff241cca9acc60f1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AE1A471A095198FEB58DF58C9946FCB7F2FFA9300F2481EAD00AE7281DA35AD45CB50
                                                                                                                                                                                                                                                  Function 00007FFAAC7325F0 Relevance: 4.1, Strings: 3, Instructions: 350COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: *5-Z$4\4*$6~$S
                                                                                                                                                                                                                                                  • API String ID: 0-3106677737
                                                                                                                                                                                                                                                  • Opcode ID: ef32a9808d25349411b60559615ba3302dab225253f3659e2a7f72609817ef0a
                                                                                                                                                                                                                                                  • Instruction ID: 910446d144cd162cc8ae49daa0b2c69366265a37c65234fd5beaf930589a4e76
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef32a9808d25349411b60559615ba3302dab225253f3659e2a7f72609817ef0a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFD13975A041298BDF0CCA98DCA1AFDB7F6BB99311F04512ED00AF7781CB38A855CB64
                                                                                                                                                                                                                                                  Function 00007FFAAC723EE5 Relevance: 1.6, Strings: 1, Instructions: 309COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 9M'
                                                                                                                                                                                                                                                  • API String ID: 0-2063734370
                                                                                                                                                                                                                                                  • Opcode ID: e02e5fdbe6fcf7cfd51b29762c0493f66bb22b4f9a8623721feff51d6be8a1ef
                                                                                                                                                                                                                                                  • Instruction ID: c38d70b0233700c543787bdcc909da86a5b7ffac1f9ebff948381dd4837a8cdf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e02e5fdbe6fcf7cfd51b29762c0493f66bb22b4f9a8623721feff51d6be8a1ef
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9A1D6B2A0851A8FEB58EBACD450AFD77B1EF85311F14453AD00EF7792CE24A845CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC72F371 Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: #%G
                                                                                                                                                                                                                                                  • API String ID: 0-3916364716
                                                                                                                                                                                                                                                  • Opcode ID: 0aa02cf018f550b9fdf77bb23c1189cacb2fa5c122fea7ce7efb7290b8e2a3d0
                                                                                                                                                                                                                                                  • Instruction ID: 0abeb2236a971f07917e2e77e570ab871a17c8ea64ed3a41620c1b750a5368f5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0aa02cf018f550b9fdf77bb23c1189cacb2fa5c122fea7ce7efb7290b8e2a3d0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2291AD35B054198FEB58DB68C9916FCB3F2EB9C300F2491AAD40AF7781DA35AE458F50
                                                                                                                                                                                                                                                  Function 00007FFAAC72FE01 Relevance: 1.5, Strings: 1, Instructions: 241COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 6
                                                                                                                                                                                                                                                  • API String ID: 0-1452363761
                                                                                                                                                                                                                                                  • Opcode ID: f1dc34791ce4f14271d17d4ec1d76a48b02e938a8778f71fbbce2e7f7f9fb7ba
                                                                                                                                                                                                                                                  • Instruction ID: 7f10e9cfad4a906b2d0ff5be1a8fb203829b27f0febc81e8c6366fd91d81c15d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1dc34791ce4f14271d17d4ec1d76a48b02e938a8778f71fbbce2e7f7f9fb7ba
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD819C35F040198BEB5CCB69C9916FDB3F2AB9C300F2491AAD44AF7784DA35AE458F50
                                                                                                                                                                                                                                                  Function 00007FFAAC9020F8 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "9.j
                                                                                                                                                                                                                                                  • API String ID: 0-2795890652
                                                                                                                                                                                                                                                  • Opcode ID: 176b706030773fb01a1ca3efb278c09e57ef5c8b8b8ef71fe5d04ff76c65d910
                                                                                                                                                                                                                                                  • Instruction ID: a37e48f8de74e844e627b5a6a70ee793f7d4b18bf00a7fa68155f889b1d2d4d2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 176b706030773fb01a1ca3efb278c09e57ef5c8b8b8ef71fe5d04ff76c65d910
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6716E71A0590D8FEB9CDFA8C4A46BE73F2FB98301F54412ED40AE7695CB349956CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC72FA80 Relevance: 1.5, Strings: 1, Instructions: 213COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 6
                                                                                                                                                                                                                                                  • API String ID: 0-1452363761
                                                                                                                                                                                                                                                  • Opcode ID: dd61602a63dd5fb6792a4c04660e3a6f612d6f885e648f8736b18210fbfbfb27
                                                                                                                                                                                                                                                  • Instruction ID: f75dbaf881fcd530fd412412f71d46d77dafed69adf74cb3359a0156abac8485
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd61602a63dd5fb6792a4c04660e3a6f612d6f885e648f8736b18210fbfbfb27
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D714B34A045198FEB98DB58C995AEDB3F2EBAC300F1051A9D40AF7790DA35AE85CF40
                                                                                                                                                                                                                                                  Function 00007FFAACBF28DC Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 1J
                                                                                                                                                                                                                                                  • API String ID: 0-1704759314
                                                                                                                                                                                                                                                  • Opcode ID: b7a04945214cf13bf67febbbe4563daff69a83b5396c58d46b4f329625ee437b
                                                                                                                                                                                                                                                  • Instruction ID: bda759394c4885c63e1cc21cc0c522be9f6e701f4ccd23c7097d57ea54266ed4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7a04945214cf13bf67febbbe4563daff69a83b5396c58d46b4f329625ee437b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4461AF70A0864E8FDB48DF68C4656BEB7F2EF99300F14806ED00AEB295CA34DD46CB51
                                                                                                                                                                                                                                                  Function 00007FFAAC907C38 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 9?y
                                                                                                                                                                                                                                                  • API String ID: 0-3248715747
                                                                                                                                                                                                                                                  • Opcode ID: 690465c63ce34cdaff67a8b7c74b9b86e3b7cb10e03313d02280bbf29feed559
                                                                                                                                                                                                                                                  • Instruction ID: 8a016d6f78ff0b712d646db7583d77cc22457ed09a81b77c8665e6c0ca6c9b26
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 690465c63ce34cdaff67a8b7c74b9b86e3b7cb10e03313d02280bbf29feed559
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37615B75A0990ECFEB88DB58C5506BE73B2EF98301B14812AD00AE7295DA35DE46CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC72DCC0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 2*+%
                                                                                                                                                                                                                                                  • API String ID: 0-1942488366
                                                                                                                                                                                                                                                  • Opcode ID: b98125ea4b77abdf0ecca2ceb35fb992a02c2dede47230c7a63aab356d1821a3
                                                                                                                                                                                                                                                  • Instruction ID: 6f81d5e20eab019368d79f3889cf4f6f54fe568d81d55b2644c0246ea1167096
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b98125ea4b77abdf0ecca2ceb35fb992a02c2dede47230c7a63aab356d1821a3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9651A375E0550A8BEB4CCF94C6516BE77F6EB95300F24413E940AF7780DA34AE09CBA1
                                                                                                                                                                                                                                                  Function 00007FFAACBE2348 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: -.-5
                                                                                                                                                                                                                                                  • API String ID: 0-928407001
                                                                                                                                                                                                                                                  • Opcode ID: cd6774797c3c18435975c3711e5e5bce348546fc9f54609ee1818ea714517020
                                                                                                                                                                                                                                                  • Instruction ID: 4dfcf6f0a3207c3e6fa7b6f4be3eac27086a169e9ee810fc2be744d5b2f979ff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd6774797c3c18435975c3711e5e5bce348546fc9f54609ee1818ea714517020
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5151AF75A0450A8FDB0CCFA9C5A15BEB3F3EF98301B24812EE00AE7785DA34AD55CB51
                                                                                                                                                                                                                                                  Function 00007FFAAC8B2521 Relevance: 1.4, Strings: 1, Instructions: 157COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: r6
                                                                                                                                                                                                                                                  • API String ID: 0-2984296541
                                                                                                                                                                                                                                                  • Opcode ID: db801561f2c90cd64d0bdd66fdcbe24c2b01fc3e3595468c7c2344b4d1479896
                                                                                                                                                                                                                                                  • Instruction ID: 633fbeeaf755529bf9f9a3fd65aa04cf432be094617b8147dd1879416e747746
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db801561f2c90cd64d0bdd66fdcbe24c2b01fc3e3595468c7c2344b4d1479896
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC4116B680D78D8FDB42DF6888296A97FB0FF2A310F4542F7D048C71A3E6249915C791
                                                                                                                                                                                                                                                  Function 00007FFAAC72F7A2 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 6
                                                                                                                                                                                                                                                  • API String ID: 0-1452363761
                                                                                                                                                                                                                                                  • Opcode ID: 9b046f40525c31cdc121a6309c9f138fac26d310eea387bd767e7785edf68c81
                                                                                                                                                                                                                                                  • Instruction ID: 9a34664b3563bcbd383e16d4d1a2ad06691c70fe16ae18d4c720cdc06fe758d8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b046f40525c31cdc121a6309c9f138fac26d310eea387bd767e7785edf68c81
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B416E75B044098BEB5CCF99C9915EDB3F3EB9C300F2492AAD40AF7744DA35AE468B50
                                                                                                                                                                                                                                                  Function 00007FFAAC723AED Relevance: .4, Instructions: 404COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7c19c653a13a968f13a186226963400536e1f61cabcaf618e41727b9366778a1
                                                                                                                                                                                                                                                  • Instruction ID: 1021310bd90d4b4b1aa725a448dfd98e3291e2089d2038f79dd28c36584c1ad8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c19c653a13a968f13a186226963400536e1f61cabcaf618e41727b9366778a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1D17E75A0950A8FEB58EB68D450AFD73B2EF9A311F10813ED00EE7391CE34A945CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC7220D3 Relevance: .4, Instructions: 386COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 001c7ed172a3c36a669a4e280e651f31a888be3dce6770865a16666ae11b830b
                                                                                                                                                                                                                                                  • Instruction ID: f5f3cec0f52cdc4dd018393c90d5fd74b78c9bc749c81e62749dbafdcb8d3dc5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 001c7ed172a3c36a669a4e280e651f31a888be3dce6770865a16666ae11b830b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9C12576E0851A8FEB08DB68D4905FD77B2EF86311B14817AD00EEB782DA34ED45CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC7277AD Relevance: .3, Instructions: 315COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 49eafaec09b391dfd04cec40b56a1e7a07a93b326c74fff66201c697a9093f3b
                                                                                                                                                                                                                                                  • Instruction ID: 00f73387b4333295fcb3aae0ad122528c9c0349fdbd99291240926457a85f9b7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49eafaec09b391dfd04cec40b56a1e7a07a93b326c74fff66201c697a9093f3b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0A12AB2B045198BEB18FBADE4116FD77A1EF86321F04853AD10EE7792CE289445CBD0
                                                                                                                                                                                                                                                  Function 00007FFAAC7273ED Relevance: .3, Instructions: 312COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c04a3340c5593d1eb47825c0e397bfc6d41d9bf69893637efb8bf252bfce5363
                                                                                                                                                                                                                                                  • Instruction ID: da81cf16e19137788e92873d33f82f89416d01238a0dd757b52be4d757ed3201
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c04a3340c5593d1eb47825c0e397bfc6d41d9bf69893637efb8bf252bfce5363
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36B19071A0851E8FEB58EF68C5506BEB7F2EF99301B14813AD00EE7391DA34E945CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC722807 Relevance: .3, Instructions: 309COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: aba0374bbb6479930981cb7184cbbf07cacd5baad70464da0bcda0bcef861eda
                                                                                                                                                                                                                                                  • Instruction ID: 22219ea41838061fad39e63d9b1d4ce6e55e03ac3a7bb4c53d32e47f0ead47f6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aba0374bbb6479930981cb7184cbbf07cacd5baad70464da0bcda0bcef861eda
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EB16275E1550E8FEB4CCF58C4929BEBBB2FB99311F14812DD50AE7784CA34A985CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC7265D3 Relevance: .3, Instructions: 305COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b324261252e2ab5f2f30ce12e6925e7eeda2f1046fae6efb7824a9c8fc57aa47
                                                                                                                                                                                                                                                  • Instruction ID: dde605c2c70f4a1457ab52f43dc86df6a3eda0512eef7157c03adde0dbfe3ba0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b324261252e2ab5f2f30ce12e6925e7eeda2f1046fae6efb7824a9c8fc57aa47
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2919A77B0C6298BD718E7BCE850AFEBBA0DF82334F04853BD189E6693DA10580583D1
                                                                                                                                                                                                                                                  Function 00007FFAAC726725 Relevance: .3, Instructions: 300COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fd9be2174fac14ecc25065ece5e5edea45e681fc27c3c6b000b382cc31356ac6
                                                                                                                                                                                                                                                  • Instruction ID: a5f1416adc4215e19ac702879300eb2c0734291885973a8bb1791eed559beb54
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd9be2174fac14ecc25065ece5e5edea45e681fc27c3c6b000b382cc31356ac6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C8126B3B085265BE724B7BCF8119ED67A1DF87364B04C937E00EEA6A3CD18944587D1
                                                                                                                                                                                                                                                  Function 00007FFAACBEB710 Relevance: .3, Instructions: 292COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2dc83c51e10e091796770dd18697382fa301def0a35bb834ec60dbc540749a7e
                                                                                                                                                                                                                                                  • Instruction ID: 410513681300c7322235e05fdf10a6333251eccc1937f2b48d191ac2102982cb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2dc83c51e10e091796770dd18697382fa301def0a35bb834ec60dbc540749a7e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5B19C71A0960ECFEB48DF68C4A06BD77F2FF99301B54416ED00AE7291CB39A956CB50
                                                                                                                                                                                                                                                  Function 00007FFAAC72A430 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1dc85986e986683f6119ac9f680fbbfaa66203e08ed23210879c3ef05359c9a7
                                                                                                                                                                                                                                                  • Instruction ID: f951f72c558d64a78644b36cf10048fc5c2f2cae426b8ebc6ce9b2492a2c55c6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1dc85986e986683f6119ac9f680fbbfaa66203e08ed23210879c3ef05359c9a7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59818075F0460A8BEB4CCF59D8545BEB7F3EBD9301B04C12EE41AD7794DA78A8168B40
                                                                                                                                                                                                                                                  Function 00007FFAACBEC1F8 Relevance: .3, Instructions: 266COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 60a8a00fb354f07537721cf257499c95076ce0550b151333272a04864ba8efd3
                                                                                                                                                                                                                                                  • Instruction ID: 456d5ca78220c0662108f38b28e423acf6cfaef190b0aa57f93d21467acff22a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60a8a00fb354f07537721cf257499c95076ce0550b151333272a04864ba8efd3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D919E70A0960D8FEB48DF68C4906BEB7F2FF99301F50416ED40AEB395CA35A846CB40
                                                                                                                                                                                                                                                  Function 00007FFAAC725FA5 Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e4836c5db8fdcc0008cb14efd9bd30265f06b893fc73b35af1e9f4e1515dacd6
                                                                                                                                                                                                                                                  • Instruction ID: cfc2a95f0e9d91a1122e4b7691984f02b4b2e95bf9c8b56f4a05fd95eeb02b11
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4836c5db8fdcc0008cb14efd9bd30265f06b893fc73b35af1e9f4e1515dacd6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A81D575F0851A8BEB18DBA8D4509FEB3F2AF86310F14813AD00DE7795DE349949CBA1
                                                                                                                                                                                                                                                  Function 00007FFAAC7292FA Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b8ef4dcc347d890e6cd4dabda00c7cb297171c55fea3325bf6c904770593c897
                                                                                                                                                                                                                                                  • Instruction ID: e6c8581d593f0c6ca768dae255c61ab6c06fabddbb015eeeec288a5e82fc455d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8ef4dcc347d890e6cd4dabda00c7cb297171c55fea3325bf6c904770593c897
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 918105B2A0851D8FDB58EB68D4505FD77B2EF9A314B14853AD00EEB792CE34A855CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC90A564 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2ba5fcc7e48a957d6dae3b14a8805be939d8bfb2ebe311fd05c89a783a68faf6
                                                                                                                                                                                                                                                  • Instruction ID: 17d9d2f175ce353d276d05b278f95a3ee276060a51e5135ecc351a1b48f07d78
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ba5fcc7e48a957d6dae3b14a8805be939d8bfb2ebe311fd05c89a783a68faf6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA81E175B0454E8FDB88DB68C4905BEB7F2EF99301B14812ED40AEB781CA34DD16CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC900E8B Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: be337a9b3bc47ec33d7646ab939b2b9aeabb1988261edccd05cf9939af7b58b3
                                                                                                                                                                                                                                                  • Instruction ID: 6e4c9d3ed4ef66818340c51fa3318777d3131ef4a1fc1dc3ecc81d6e8a75bb0a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be337a9b3bc47ec33d7646ab939b2b9aeabb1988261edccd05cf9939af7b58b3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB816E74A1550D8FEB88DF98C854ABEB7F2FB98301F50812AD00AE7395DB34E956CB50
                                                                                                                                                                                                                                                  Function 00007FFAAC9027DB Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0f30be642a3a25a8698b7b4980166d5a9a396d82f0f0a45e8a29e0adfcaf14b1
                                                                                                                                                                                                                                                  • Instruction ID: b0380a9efd797f342d88c15b78941ad3e66b0c78a4a9900469e49a992c7a3187
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f30be642a3a25a8698b7b4980166d5a9a396d82f0f0a45e8a29e0adfcaf14b1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A817C75A1490E8FEB88DF98C4916BE77F3EB99301F148129D40AE7385CA38ED45CB51
                                                                                                                                                                                                                                                  Function 00007FFAACBE48F8 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4d524d5ca26d0a085683857fbef8da2aead2bbeccf044748b47679ba8dc86744
                                                                                                                                                                                                                                                  • Instruction ID: 61c9c22a3384c468d2c7296161e5a6b32b5498c95ba95edb3f177da2afcb195d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d524d5ca26d0a085683857fbef8da2aead2bbeccf044748b47679ba8dc86744
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7981A071A1460E8FDB48DF68C490ABEB7F2FF99310F14416AD40AE7391CA349D16CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC907E80 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2a6262d88736695588524d5e3d9816c3843eb72d582652119fcb3d159ecb3850
                                                                                                                                                                                                                                                  • Instruction ID: 359f80c4a4baa717e71568b282f4c81a534485fcd735f08021b7dec711b62a9d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a6262d88736695588524d5e3d9816c3843eb72d582652119fcb3d159ecb3850
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05716B35A0550ECFDB48DFA8C5A06FEB3B2EF95311F24412AD00AE7681CB34AE55CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC72F903 Relevance: .2, Instructions: 224COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3a3c13c4a4996d191dab0b359d323fd792fbc050024e4b5e48ea2ef463e4727d
                                                                                                                                                                                                                                                  • Instruction ID: e966d225bfa30e973cb81b1f3f16be07cd9cfe3ee70e0008812b60b958dcb6af
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a3c13c4a4996d191dab0b359d323fd792fbc050024e4b5e48ea2ef463e4727d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90816F35A045198FEB58DB58C991AECB3F2EFAC300F2441AAD40AF7791DA35AE45CF50
                                                                                                                                                                                                                                                  Function 00007FFAACBECA70 Relevance: .2, Instructions: 219COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0667ef1361c504d3c78cd408c37855934bb03091766e82844c255c6758fd6330
                                                                                                                                                                                                                                                  • Instruction ID: 895b58b9f82676d78eae40590ccd6c5cdcc1c2cf465c12414a76bfeaddde30d9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0667ef1361c504d3c78cd408c37855934bb03091766e82844c255c6758fd6330
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81718E71A0560E8FDB4CDB68D9A06BEB7F2EF99301F10416ED40AE7381DA359D06CB91
                                                                                                                                                                                                                                                  Function 00007FFAACBE7345 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 646bd61b151400b9222a6831559b810c85421dedd9c6c17fed40fed6de7ec718
                                                                                                                                                                                                                                                  • Instruction ID: 3ba27134344eeed7690a4aa7445793eee1d9d6fbabae6db8d5eebca2ea02c3cc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 646bd61b151400b9222a6831559b810c85421dedd9c6c17fed40fed6de7ec718
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3071A071A1450D8FDB48DF58C8A05FE77F2EB98310B24816AD00AEB795DA34ED46CB91
                                                                                                                                                                                                                                                  Function 00007FFAACBEA507 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cb8c88eae670372cd3f690ba131050a4b0972035c946fc9d6ac2bb3a59dff4cd
                                                                                                                                                                                                                                                  • Instruction ID: e3fa1380d59f4b78d061aaa49ac086db5124bb8374313f3d074be969984eafe8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb8c88eae670372cd3f690ba131050a4b0972035c946fc9d6ac2bb3a59dff4cd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE71E370A0564E8FDB48CF68C4905BE77F3EF99301F14816AD40AEB385DA389D0ACB51
                                                                                                                                                                                                                                                  Function 00007FFAACBF02A5 Relevance: .2, Instructions: 209COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 44eff081a837ccf784dcde62a5b236f05a157d19f612a84945dfb7447c8a5757
                                                                                                                                                                                                                                                  • Instruction ID: 9de906cfd7ada070f2cd8d195933c03f6f27e3cbc105bbc38daae66ef30661a3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44eff081a837ccf784dcde62a5b236f05a157d19f612a84945dfb7447c8a5757
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8617D75A1560E8FEB4CDB54D4A16BE73F2EB99301F14813ED40AE7395CA34AD06CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC90868B Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2c4ad35f87088dbd79939b6b8192cdf23fe6a00bed7e4f758312827fabd9aad3
                                                                                                                                                                                                                                                  • Instruction ID: 54b0349af7e194809489a2c289c3aa6f01290d49e980a2b729acdb04f936c4a8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c4ad35f87088dbd79939b6b8192cdf23fe6a00bed7e4f758312827fabd9aad3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E716C75E0550E8FEB88DFA8C4506BEB7F2FB99301F144129E00AE7385DA34E956CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC909388 Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 59b4dc90a99dd112e0cdc509ee5bca4b5f9f54eef5e63437dc17d8c163b6bf76
                                                                                                                                                                                                                                                  • Instruction ID: 1b707f6e0ffc856579cac89559b77185481ab3cd5039e8ba3a38faae698edaea
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59b4dc90a99dd112e0cdc509ee5bca4b5f9f54eef5e63437dc17d8c163b6bf76
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6571C175A0964E8FDB4CDF64C8A05BDB7B2FF99301B14416ED40AEB385CA34D906CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC72FF22 Relevance: .2, Instructions: 205COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6dda359096347c8ee257e56cfff206738445fdb345e9b8e413a16d9034d14180
                                                                                                                                                                                                                                                  • Instruction ID: 8f98b5169f17672ec09130ddece7117016eb95d2dafaf8b45d410d597192358d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6dda359096347c8ee257e56cfff206738445fdb345e9b8e413a16d9034d14180
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81718B35B154098BEB1CCB58C991AFDB3F3AB9D300F2491AED44AF7784DA35AE058B50
                                                                                                                                                                                                                                                  Function 00007FFAACBF15A8 Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c1718076f5afbada6b5951ca6aaf709f23c235e581b1301569d11688dd90d60e
                                                                                                                                                                                                                                                  • Instruction ID: 5adbfdcb2a580a32b47bc3356b4da3cae1d05102fcb04c607d5d5054e72913c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1718076f5afbada6b5951ca6aaf709f23c235e581b1301569d11688dd90d60e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98719074A0960E8FEB48DF68C4506BE77B2EF99300F24816ED009E7395CB359D16CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC904FFB Relevance: .2, Instructions: 199COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: edd83178748b51c0cc3746e78e7ecfeb6ba14c49685b85a39e15902598267adb
                                                                                                                                                                                                                                                  • Instruction ID: fd24133953ff729327007801cbdf0c39581def849b7ae3c2f506089aca7e5998
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: edd83178748b51c0cc3746e78e7ecfeb6ba14c49685b85a39e15902598267adb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62615C74A0550D8FEB58DFA8C5956BEB7F2EF99301F20812ED00AE7385CA34AD15CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC72C220 Relevance: .2, Instructions: 191COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 82de252628a5209df65f085113477d012b4d514ec4206869986b8539994fd308
                                                                                                                                                                                                                                                  • Instruction ID: 1a6f3816d875346dfd5e7cbfa33096bccfdd37341e4b988c32327c4847c36f13
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82de252628a5209df65f085113477d012b4d514ec4206869986b8539994fd308
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD617375E0551A8FEB4CCF58D4905BEB7B2FFA9300B14C12ED41AE7784DA38981ACB50
                                                                                                                                                                                                                                                  Function 00007FFAAC72ECA5 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b968f1d39563df30c83555ccdd10aeb032f158aae7f7e76f52fa1540da6fe627
                                                                                                                                                                                                                                                  • Instruction ID: 9cf9ae094954a2a1ce06fc0cd6e5df307070a17904ee67af42d060693bbedd99
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b968f1d39563df30c83555ccdd10aeb032f158aae7f7e76f52fa1540da6fe627
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C61B075F1410A8FDB0CCF99D8924BE7BB3AB98311F14812EE50AE7784CA34D885CB94
                                                                                                                                                                                                                                                  Function 00007FFAACBE4450 Relevance: .2, Instructions: 185COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9047611abd707ee102d592899d7f0f88f21ece7a452848c14d5f913fda064312
                                                                                                                                                                                                                                                  • Instruction ID: cab5b1ee251cb5df0caf24d38cd436aa917b7746a8794fcdd4f6e1db432f67de
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9047611abd707ee102d592899d7f0f88f21ece7a452848c14d5f913fda064312
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA610B75A0451E8FDB4CDF99C5919BEB3B3EF98301B24812E940AF7784CA34AE15CB61
                                                                                                                                                                                                                                                  Function 00007FFAAC7308E0 Relevance: .2, Instructions: 181COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0f9ad5eb01e4402712d0b2f6b54d5f593edf8823cb65403fbb6d553b0cfe36d3
                                                                                                                                                                                                                                                  • Instruction ID: b587ab364920a2315ba8c771d0809364fcb0e01d6c6360315f52eb109b6957e2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f9ad5eb01e4402712d0b2f6b54d5f593edf8823cb65403fbb6d553b0cfe36d3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9517D74A1550A8FEB48CF99C5906FEB7F2FB98310F10812ED40AFB384DA349945CBA0
                                                                                                                                                                                                                                                  Function 00007FFAAC7245FB Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a6010f0541821be9a4ada0aab30377fb1d0f90f8c55e14de347b716fd2b87944
                                                                                                                                                                                                                                                  • Instruction ID: 52dd145ee5fe9de12cc52fce99f531e255a64744d4f31208b439f6b98089ceb0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6010f0541821be9a4ada0aab30377fb1d0f90f8c55e14de347b716fd2b87944
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57510A72E0465A4BD71CDBB8D4A55FEBBA1EF85324F04853ED14AE7782CE249885CBC0
                                                                                                                                                                                                                                                  Function 00007FFAAC820C81 Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3806165142.00007FFAAC820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC820000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac820000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f82d0fd080368a13fa56b8cd5289b1a0a0c9f612cdf55ac40c3259adf2039025
                                                                                                                                                                                                                                                  • Instruction ID: 21d43fb0ee526e715495250c729b75e56ca55b1a34e5ca87407f7dd8c885f845
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f82d0fd080368a13fa56b8cd5289b1a0a0c9f612cdf55ac40c3259adf2039025
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A518E31B140098BEB0CCB54C6915EDB3F3ABED300B2481AED40AF7784DA35AE06CB24
                                                                                                                                                                                                                                                  Function 00007FFAAC72F4CF Relevance: .2, Instructions: 174COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 38cf72d5cf95be19054bde9e580c993003e31ba93f9b98d4c73a5f9d85127d4d
                                                                                                                                                                                                                                                  • Instruction ID: a7d9e6fa70516be33cebd2eaaf64af466a9cfcd006a098ea1a04807037f6bb4e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38cf72d5cf95be19054bde9e580c993003e31ba93f9b98d4c73a5f9d85127d4d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64516935B054198BEB5CDB59CAA16FCB3F3AB99300F2481A9D04AF7784CA35AE45CF50
                                                                                                                                                                                                                                                  Function 00007FFAAC7311D0 Relevance: .2, Instructions: 171COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2747fe55881b758f723f462d237612d46ddd17b9b90fcea2094a51a72ac1e872
                                                                                                                                                                                                                                                  • Instruction ID: 455e676d1ae701e898b58cee4ec92175c3eccc124dac461a6b830f3b0eb34aab
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2747fe55881b758f723f462d237612d46ddd17b9b90fcea2094a51a72ac1e872
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C516F75F1460E8FDB48DF68D4965BEBBF2EB98310F04412AE50AE7380DA30D955CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0A01 Relevance: .2, Instructions: 171COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 833f3e328cb4278c6251587455cee166e5547b6e0215ec1a3d6de32bb303cc68
                                                                                                                                                                                                                                                  • Instruction ID: a7d629ad3c992ae3ddfe05e5a2734fb23da56937af80cf5a17e4a6c7133f5401
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 833f3e328cb4278c6251587455cee166e5547b6e0215ec1a3d6de32bb303cc68
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55516DB190E3898FDB46CF6488A45A97FB0BF17310F0945EBD488DB193D638A908C795
                                                                                                                                                                                                                                                  Function 00007FFAACBE2512 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 566179aeb745ee5f3b5f714c4234466c99e3285ad06f1a01a7a3c08090fbbce5
                                                                                                                                                                                                                                                  • Instruction ID: 7e87bf6a59c5621fe4d9f7e10acc30768b6cdd0197e8744752e7636cac0d025a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 566179aeb745ee5f3b5f714c4234466c99e3285ad06f1a01a7a3c08090fbbce5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE518E75A1451E8FDB4CDF98C4A09BE73B2EFA9301B24852ED00AEB785CB34AD45CB51
                                                                                                                                                                                                                                                  Function 00007FFAAC90F8C8 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: faaaad54e07d4d18170d736dbff7408a03f6e8bb2e36d8bf1d2f417d40473045
                                                                                                                                                                                                                                                  • Instruction ID: 718ceec252582c7b13b6b1e6f92b05f9a33b7329d2c2a11d92ca5debb575424d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: faaaad54e07d4d18170d736dbff7408a03f6e8bb2e36d8bf1d2f417d40473045
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D051AE75A0450E8FDB48DF58C950ABEB3F3FB98301F14812A900AEB794CA34DE45CB91
                                                                                                                                                                                                                                                  Function 00007FFAACBF0C0F Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9fc11351a6a9350febf46489fee3ee023362c9d1d48117a163e1f046747bcb3a
                                                                                                                                                                                                                                                  • Instruction ID: caf3ef5b25efd02fb397c4fc57d379ab172842722a039cb785ad1d54971e579c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fc11351a6a9350febf46489fee3ee023362c9d1d48117a163e1f046747bcb3a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9951F374A096498FDB49CB68C8546BEB7F3FFD9300B14816BE009E7391CA349D16CB51
                                                                                                                                                                                                                                                  Function 00007FFAAC722B28 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4b6fb07126c172d5ba8190e1d01574f9259dc513e0e6ca83cae40c400dbeec77
                                                                                                                                                                                                                                                  • Instruction ID: 6abae39d1e7436c231f986fa6f1dbf7ec6c8d662ae111c92d73b8ef1da782411
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b6fb07126c172d5ba8190e1d01574f9259dc513e0e6ca83cae40c400dbeec77
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21516A74A0461E8FDB48DF69C495ABEB7F3FBD8301F14812AD009EB294CB349955CB80
                                                                                                                                                                                                                                                  Function 00007FFAACBE8F49 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6127dac323dbeb04a81f322e5e4a33451d6039529d963d2b6ca786a44386e7d8
                                                                                                                                                                                                                                                  • Instruction ID: d5d647956ac6d178fd0bf30e8fa7497e1f45042db3e9d8e294ae20f4c29d8675
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6127dac323dbeb04a81f322e5e4a33451d6039529d963d2b6ca786a44386e7d8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E551E371A086498FDB49DF68C4546BE7BF2EF99300F14406BD009EB291CB38DD46CB61
                                                                                                                                                                                                                                                  Function 00007FFAAC90304B Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ef54cb9d854eb43b2cb535c72453ff3756ed6c8e9b2cda907eb1467d974512dc
                                                                                                                                                                                                                                                  • Instruction ID: 838795148abf30ae470ceabfe7152df56205e8963b7f73421c9dbcfb5a0ca71f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef54cb9d854eb43b2cb535c72453ff3756ed6c8e9b2cda907eb1467d974512dc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3515C71A1451D8FEB88DF98C8906BE77F3FB98301F54812EA00AE7385CA349D56CB90
                                                                                                                                                                                                                                                  Function 00007FFAAC90198B Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ef7c0ed1a06314ce65193ed4148dc15a70d1e093b88633530d8b82563ce7974f
                                                                                                                                                                                                                                                  • Instruction ID: 2e3fe7b5cb9c5e5863080cae76d741830b4c520f2f76c5e2e4754d21e611d0ed
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef7c0ed1a06314ce65193ed4148dc15a70d1e093b88633530d8b82563ce7974f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40518C71A0560D8FEB58DFA8C4556BE73F2EB98301F24813A900AE7395CA38DD55CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC72C8AF Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d2a1e05cdd1f6545693433f2e42fc7d08945762b1040870f68cb3d0d13d5e5a6
                                                                                                                                                                                                                                                  • Instruction ID: 8e095a2d1240c7ad041a421d4c81293b2b06d232a88a50a1fd64707bac54d0f4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2a1e05cdd1f6545693433f2e42fc7d08945762b1040870f68cb3d0d13d5e5a6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58512B75F1410A8BEB0CCE95D9919FEB3F3AB98311B24812ED406F3784DA34AE15CB65
                                                                                                                                                                                                                                                  Function 00007FFAAC72ED71 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 40b553e87c476cc3c3768772fac7366b59dfc986034271f329ac7935ba519312
                                                                                                                                                                                                                                                  • Instruction ID: a7bf3cbb58549382ab9380abea35f69266ed0342ac71df6ad90e56df8a5cb879
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40b553e87c476cc3c3768772fac7366b59dfc986034271f329ac7935ba519312
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4641C275F1450A8B9B0CCFA8D8A25BE7BF3EB94321F14812DE146E7784DA34E945CB84
                                                                                                                                                                                                                                                  Function 00007FFAACBF178B Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b6cca434c30a82954e778e4f93f3d4073972f5520ca3af3a2fdf498855575f39
                                                                                                                                                                                                                                                  • Instruction ID: c5db6116283802babd36695ab0e5a97449b16ca5bd869d7e6614fafed71a971c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6cca434c30a82954e778e4f93f3d4073972f5520ca3af3a2fdf498855575f39
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35512675A0450E8FEB48DF98C5909BEB7B3EF98301B24812AD40AE7394CB35ED16CB51
                                                                                                                                                                                                                                                  Function 00007FFAACBEBC1D Relevance: .1, Instructions: 139COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 41c6e6c379c646aa1a99764d3dc65f61bf0dfa5dcbd92ec8f0f338a2713ee21d
                                                                                                                                                                                                                                                  • Instruction ID: ca7ac27333224df9582a4746e2b2417839e886194c7ad64ce676d49128f2c70e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41c6e6c379c646aa1a99764d3dc65f61bf0dfa5dcbd92ec8f0f338a2713ee21d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C941CE71A0961ECFEB08DBA4C8651FEB3B2FF94301F14812AD009E7380CB399916CB90
                                                                                                                                                                                                                                                  Function 00007FFAACBE060D Relevance: .1, Instructions: 137COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3811975499.00007FFAACBE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACBE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaacbe0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cddbe153ce694c15ee0259483bc76e42dbc122113ebff293468caf5f885f7467
                                                                                                                                                                                                                                                  • Instruction ID: 6634c2065028d04ce984a08c4c027936f5417618ffaf5e92ccbda01d8648ce58
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cddbe153ce694c15ee0259483bc76e42dbc122113ebff293468caf5f885f7467
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9510975E0450E8FEB48DF94C5A19BEB7B2EFA9300B24812D840ABB784CB35AD15CB51
                                                                                                                                                                                                                                                  Function 00007FFAAC72F733 Relevance: .1, Instructions: 133COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3a51045c236cddd1d4588dc37bf5cb5d9bf5854117fafab5a676295acd576503
                                                                                                                                                                                                                                                  • Instruction ID: dfa0b4d72f3ca25cbb5cb90d364ad338af2d668683da50c0c3b7460d60e37d96
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a51045c236cddd1d4588dc37bf5cb5d9bf5854117fafab5a676295acd576503
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70419F35F050198BEB1CCA55CAA16FD73F3ABE9300F2481AAD40AF7784DA35AE458B50
                                                                                                                                                                                                                                                  Function 00007FFAAC900724 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7fa798291a1fe79e596ca03c1b06a90f2bb8a5efc4a8be08dfe9df8d7d9d10c9
                                                                                                                                                                                                                                                  • Instruction ID: 68d1e8e3d556de9b6fbf2852157ae232348c8d2528e78323a03d5426d7e08e27
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fa798291a1fe79e596ca03c1b06a90f2bb8a5efc4a8be08dfe9df8d7d9d10c9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46413F75E0560E8FDB48DF94C8925BEB7B3EB98311F54812D950AE7384CA34A845CB80
                                                                                                                                                                                                                                                  Function 00007FFAAC90298E Relevance: .1, Instructions: 130COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4acde29f06e524210f61512a71c4af9ad7d80c0b027e0223343442cff5a653e3
                                                                                                                                                                                                                                                  • Instruction ID: 6ffa25e0414fac0c14364a934550b91a162690b77501b73b7ed95adbf0e6bf99
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4acde29f06e524210f61512a71c4af9ad7d80c0b027e0223343442cff5a653e3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E414D74E0590ACFEB88CFA8C5555BEB3F3EB99300B60812A9409EB385CA34ED55CB51
                                                                                                                                                                                                                                                  Function 00007FFAAC9068AF Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5063ab8ea2085737828b9df04937d8548840312fb28a28d86321de5e53014a03
                                                                                                                                                                                                                                                  • Instruction ID: 5f4f1d0953d01a6bae0e6aa827633c720efe77c401fc7cf961963e84122df5df
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5063ab8ea2085737828b9df04937d8548840312fb28a28d86321de5e53014a03
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F416F75A0450E8FDB8CDFA4C9905BE73B3EBE8301B64862EC40AE7784CB34A905CB50
                                                                                                                                                                                                                                                  Function 00007FFAAC72FCEB Relevance: .1, Instructions: 124COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ddeef7180569c7ba36ff321dd8684996168aa882df5bf0c9fda74cb8260de058
                                                                                                                                                                                                                                                  • Instruction ID: 894bcc2889dec0789479e08fe9e56e751cb4785eb7aea4bdcc55b2b383d2ec06
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddeef7180569c7ba36ff321dd8684996168aa882df5bf0c9fda74cb8260de058
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC418F35B054188BDB0CCF55D9A05FD72F3ABE8300B24C1AED00AB7784DA359E158B54
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0231 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d7b8cf31116678c164dbfe13d2cafaa193ef75d2439f60f3bd728984eae3c12a
                                                                                                                                                                                                                                                  • Instruction ID: 074a8eae4d78c5f080ac1ff39d36694d8147acf8d4c0b172fe17cab1f1f605d4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7b8cf31116678c164dbfe13d2cafaa193ef75d2439f60f3bd728984eae3c12a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F31D27190DB898FDB52DF6888651E97FB0FF6B310F0941EBD088D7193DA24A849C781
                                                                                                                                                                                                                                                  Function 00007FFAAC72FBB1 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2bb113f2ab9cd31dd7f9e9a19bbe6abe75165a3793cc8b2ab7018cedbec67356
                                                                                                                                                                                                                                                  • Instruction ID: 7116e0977a44f832267ac879b4367f2060dba3fc83f84da6a98dde99155018eb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bb113f2ab9cd31dd7f9e9a19bbe6abe75165a3793cc8b2ab7018cedbec67356
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD418F35B144098BEB0CDA69C9619FDB3F3EB9D300B2491AED40BF7780DA75AE058B54
                                                                                                                                                                                                                                                  Function 00007FFAAC72A428 Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3804457307.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac720000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fd33bfdfcd1a9411be2b36106d8f92a541e6b91e00472b25cbf9780c7c997dff
                                                                                                                                                                                                                                                  • Instruction ID: c37ab2b26de98da47d75d3574beb2b8c8a3bffdbc2584db7afc8df3a95a486c1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd33bfdfcd1a9411be2b36106d8f92a541e6b91e00472b25cbf9780c7c997dff
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77418075A0950E8BEB0CDF58D5915FE73B2EB99311F208139D40AF3784CA34AE49CAD5
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0DDD Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 964b6a651a50dbeac639702008e3b00bbcc0cf98e03a1f2eb7c544b083e1bc00
                                                                                                                                                                                                                                                  • Instruction ID: aeed28621ebe48100f992581aced493571c6d62cb23d3a97b9c180d1897ae545
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 964b6a651a50dbeac639702008e3b00bbcc0cf98e03a1f2eb7c544b083e1bc00
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04318DB5C0978E8FDB46DF6888555A9BFB0FF26300F0581AAE448D7293E734EA54C781
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1681 Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6d2e6f2a3c922c0dd99f37308a3707ab06555ae1a80c9e4fa2b2ce4e4c98534d
                                                                                                                                                                                                                                                  • Instruction ID: 7c84c51bd7bb61b5c2a8c72cc808e1ed87c8ac0de531488036ccd9894ea5f29c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d2e6f2a3c922c0dd99f37308a3707ab06555ae1a80c9e4fa2b2ce4e4c98534d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F31B0B5C0D7898FEB429F2498552A97FB0FF6B200F0541F7D448C7193E634AE148791
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0EA5 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: dcb1d99dd1d964eee81ab8bef4fd423b89261f73a7b704c92c1a27a3f67dfe5d
                                                                                                                                                                                                                                                  • Instruction ID: 897d243ef217efa36b5e02cbe87f5eace4d85c8100a55e684397fbf41bfe5df6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dcb1d99dd1d964eee81ab8bef4fd423b89261f73a7b704c92c1a27a3f67dfe5d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F31BCB190E3899FDB86AF6888155A97FB0FF5B300F0581EAE408DB293D7359A15C781
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1265 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 83cd17c6ce641e0f587b241da356d583cf269e216e46f5aa898e819ca177f321
                                                                                                                                                                                                                                                  • Instruction ID: 1fbdc0c304902f783234552fe0a2888ee1d10de522a81f00319e5e0895301b83
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83cd17c6ce641e0f587b241da356d583cf269e216e46f5aa898e819ca177f321
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6031E13290E6894FDB52DF6888155E97FB0FF6B220F0901EBD048DB193DA28A94883D1
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0D21 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c99f8587f378cd8d653a3a7465145c6b17c5b31e00e94d516721236831b54609
                                                                                                                                                                                                                                                  • Instruction ID: 09f68a95b8f478684dc7c75930b481e7281b0596a9648aa487d0245c74d32d44
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c99f8587f378cd8d653a3a7465145c6b17c5b31e00e94d516721236831b54609
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60318DB1C093898FDB46CFA488555AD7FB0BF1A300F0585AAD408D7293DB34AA18C785
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1E85 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a048398fca5c6968a0b3de7c1b97473953b104c8cef88f0921852a55e23100bc
                                                                                                                                                                                                                                                  • Instruction ID: 385a4e1bca1618edafc177eb9654b48c5b363b5dac33db02d4345a9e0366cfe1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a048398fca5c6968a0b3de7c1b97473953b104c8cef88f0921852a55e23100bc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC31BFB180E7C98FE7529B6498155E97FB0FF1B310F0501EBE148DB1A3D625A918C7D1
                                                                                                                                                                                                                                                  Function 00007FFAAC90BE01 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807539110.00007FFAAC900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC900000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac900000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2f43a94e1b1d84a74efc87717ca339a0c06926f390e086f9733aac48491361b6
                                                                                                                                                                                                                                                  • Instruction ID: 9ececf25b4b4f9a93782989f7c3b516a9efa74278d559488051274952cfd1ad6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f43a94e1b1d84a74efc87717ca339a0c06926f390e086f9733aac48491361b6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE315C75B1410A8BDB4CCE59D9509BE73F3EBD8301B24812E944BE7385DA349E16CB51
                                                                                                                                                                                                                                                  Function 00007FFAAC8B2281 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fbd921962711c2a062613bdc12a1705a24030d0f061a7ce6cccdea833e3b5a4f
                                                                                                                                                                                                                                                  • Instruction ID: 55d7263de60f581086277fbc8eca1faa554099c9b65a27577350c5e4bc0b9289
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbd921962711c2a062613bdc12a1705a24030d0f061a7ce6cccdea833e3b5a4f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D219EB1C0D7C98FEB429F7488155A97FB0FF1B200F4645EBD058C71A3EA28A909C751
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1039 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 320bba91429d04a394fa4d3f0b7898c672defb774ff85b6ae53ed45b02d9c65e
                                                                                                                                                                                                                                                  • Instruction ID: 64130a26f45fb9a7c8e52f283eaba38ea3a5cb07ac8f1681583724462a61faa7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 320bba91429d04a394fa4d3f0b7898c672defb774ff85b6ae53ed45b02d9c65e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F2159B180E389DFE7569F6888541A97FB0BF57210F0941FBD488CB193DA39A909CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC8B2331 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4400b4a6c01d11b46bbba273492d8836daaa358fcee2982a118254e18dd66a75
                                                                                                                                                                                                                                                  • Instruction ID: eeb0af6f071b6cfccc89ee17371609da3ac8d5d87aee99d597e8b76471c9b43a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4400b4a6c01d11b46bbba273492d8836daaa358fcee2982a118254e18dd66a75
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F921B07180D38A8FD746DF68C8552A97FB0FF5A210F0645FAD488CB193D738AA15C781
                                                                                                                                                                                                                                                  Function 00007FFAAC8B1B4D Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: bd266997731d5d80b2cf56583c28fc61029e2973abd09f782bd2c9a51ff82a6a
                                                                                                                                                                                                                                                  • Instruction ID: bd74915fcb68719adc451371dc4d190a190f68f1ee072c08417c3e3fc140127b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd266997731d5d80b2cf56583c28fc61029e2973abd09f782bd2c9a51ff82a6a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2117FB1C0D7899FDB429F6888646A87FB0FF27201F0505EBD448DB1A3EA25A518C752
                                                                                                                                                                                                                                                  Function 00007FFAAC8B11A5 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c4fbab36cc52d04406126ccf389f9c9904b519f9ef359a6915e3e320d882cf5d
                                                                                                                                                                                                                                                  • Instruction ID: 586dfd3c7c8fabf7f46c666cc4fb932092e69bb9c80661b741e4c3cdf28756fd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4fbab36cc52d04406126ccf389f9c9904b519f9ef359a6915e3e320d882cf5d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA217C7194D3898FD746DF2498542A97BB0FF56200F4601FBD458CB193E7389A09CB91
                                                                                                                                                                                                                                                  Function 00007FFAAC8B23F1 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3c14abed18a0a722c0c25be2a7a86bcc764fe3fa0da6c3675e39e3504ced48a4
                                                                                                                                                                                                                                                  • Instruction ID: 470a6051560a2cfc020fac385233d214e6b87a399da21e518c08f3a34b07140c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c14abed18a0a722c0c25be2a7a86bcc764fe3fa0da6c3675e39e3504ced48a4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71118EB180D7C98FDB42DF64C8581A9BFB0FF17210B0945EBD498CB1A3E6389515C742
                                                                                                                                                                                                                                                  Function 00007FFAAC8B260D Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b20c8f0d10d7dec7afb9a9086167b56ba4308e84c19d3261be1555947c23bbfc
                                                                                                                                                                                                                                                  • Instruction ID: 13c4a6cbcb26cb48511bd54a5faa05517a81bb014c9e4fa0d1dec583aefbc48c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b20c8f0d10d7dec7afb9a9086167b56ba4308e84c19d3261be1555947c23bbfc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5611CEB580E3CA8FD7439B6488282A57FB0FF17210F4A41FBE448CB0A3E668A915C745
                                                                                                                                                                                                                                                  Function 00007FFAAC8B15E0 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 856fb58cf706ecad4b704cb502817414d42726de30e61cdab1dc7bb12a01f42d
                                                                                                                                                                                                                                                  • Instruction ID: 5895cec16794883aa9959f75efa8bc486446108f79e307f1f6a839e624e43cf3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 856fb58cf706ecad4b704cb502817414d42726de30e61cdab1dc7bb12a01f42d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D2160B5C0E38A9FD7429F68D8152A97FB0FF5B200F0501E7D458CB2A3E6749A14C791
                                                                                                                                                                                                                                                  Function 00007FFAAC8B0AE8 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3807065900.00007FFAAC8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC8B0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac8b0000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2c0bd2aaeda04aea9b76a5be736ca88e6f7db75600ba37defc3d515eef643637
                                                                                                                                                                                                                                                  • Instruction ID: 5fc15ae50a2ebbb035b29d21fa4062492b735fedab71c75159f940ac4a80f880
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c0bd2aaeda04aea9b76a5be736ca88e6f7db75600ba37defc3d515eef643637
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0219DB0D0E3899FDB06CF6488A45ADBFB0BF17304F0544EBD44897293D634AA18C795
                                                                                                                                                                                                                                                  Function 00007FFAAC820795 Relevance: 6.4, Strings: 5, Instructions: 153COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3806165142.00007FFAAC820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC820000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7ffaac820000_cabbage.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "9$"9$"9$$?_H$>z,6
                                                                                                                                                                                                                                                  • API String ID: 0-2790298339
                                                                                                                                                                                                                                                  • Opcode ID: b50fd030a15aca8beeb8fca0352b58c4a467030ead5c0dc0aaf38dda6deba0fd
                                                                                                                                                                                                                                                  • Instruction ID: 31a7fd2f98197c450c9aa44903d500b16a83a6a42660a06508cd1fa3de54785c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b50fd030a15aca8beeb8fca0352b58c4a467030ead5c0dc0aaf38dda6deba0fd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C51D071E055188FEB98CF59C8846FDB3F2FB98301F24C1AAD04EE7685DA34AE458B54

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:7.1%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:4.4%
                                                                                                                                                                                                                                                  Total number of Nodes:544
                                                                                                                                                                                                                                                  Total number of Limit Nodes:61
                                                                                                                                                                                                                                                  execution_graph 24456 3c53bf4 24457 3c53c00 __FrameHandler3::FrameUnwindToState 24456->24457 24474 3c53718 24457->24474 24459 3c53c07 ___scrt_is_nonwritable_in_current_image __InternalCxxFrameHandler ___scrt_release_startup_lock 24460 3c53d5a 24459->24460 24464 3c53c50 24459->24464 24466 3c53cd1 24459->24466 24484 3c5d55c 3 API calls 3 library calls 24459->24484 24487 3c5d9ab GetPEB RtlAllocateHeap GetPEB __InternalCxxFrameHandler 24460->24487 24462 3c53d67 24488 3c5d96f GetPEB RtlAllocateHeap GetPEB __InternalCxxFrameHandler 24462->24488 24465 3c53d6f Concurrency::cancel_current_task 24478 3c372a0 24466->24478 24469 3c53cec __InternalCxxFrameHandler 24469->24460 24470 3c53cf7 24469->24470 24471 3c53d00 24470->24471 24485 3c5d960 GetPEB RtlAllocateHeap GetPEB __InternalCxxFrameHandler 24470->24485 24486 3c53889 GetPEB RtlAllocateHeap GetPEB ___scrt_uninitialize_crt 24471->24486 24475 3c53721 24474->24475 24477 3c53736 ___scrt_uninitialize_crt 24475->24477 24489 3c5e357 24475->24489 24477->24459 24479 3c372d7 24478->24479 24481 3c3731c CatchGuardHandler 24479->24481 24537 3c56b93 24479->24537 24481->24469 24484->24466 24485->24471 24486->24464 24487->24462 24488->24465 24492 3c61f69 24489->24492 24493 3c61f79 24492->24493 24494 3c5e366 24492->24494 24493->24494 24497 3c60982 24493->24497 24501 3c60a36 24493->24501 24494->24477 24498 3c60989 24497->24498 24499 3c60a32 24498->24499 24500 3c609df GetFileType 24498->24500 24499->24493 24500->24498 24502 3c60a42 __InternalCxxFrameHandler __FrameHandler3::FrameUnwindToState 24501->24502 24509 3c62732 24502->24509 24504 3c60a58 24505 3c60a67 24504->24505 24518 3c608cc RtlAllocateHeap 24504->24518 24505->24493 24507 3c60a62 24508 3c60982 GetFileType 24507->24508 24508->24505 24510 3c6273e __FrameHandler3::FrameUnwindToState 24509->24510 24511 3c62747 24510->24511 24512 3c62768 __InternalCxxFrameHandler 24510->24512 24524 3c5f4be 24511->24524 24517 3c62756 24512->24517 24519 3c62682 24512->24519 24517->24504 24518->24507 24528 3c5ec87 24519->24528 24521 3c62694 24532 3c5ece4 24521->24532 24536 3c5f1b3 RtlAllocateHeap __dosmaperr __freea 24524->24536 24526 3c5f4c3 24527 3c56b32 RtlAllocateHeap ___std_exception_copy 24526->24527 24527->24517 24531 3c5ec94 __dosmaperr 24528->24531 24529 3c5ecbf RtlAllocateHeap 24530 3c5ecd2 __dosmaperr 24529->24530 24529->24531 24530->24521 24531->24529 24531->24530 24533 3c5ed0a 24532->24533 24534 3c5ecef 24532->24534 24533->24512 24535 3c5f4be __dosmaperr RtlAllocateHeap 24534->24535 24535->24533 24536->24526 24540 3c5f2ae 24537->24540 24538 3c5f4be __dosmaperr RtlAllocateHeap 24539 3c372f8 24538->24539 24539->24481 24541 3c53180 24539->24541 24540->24538 24550 3c5355d 24541->24550 24543 3c531ae __cftof 24544 3c531c0 CreateFileMappingW 24543->24544 24545 3c5323c MapViewOfFile 24544->24545 24547 3c53258 24544->24547 24546 3c5328c 24545->24546 24545->24547 24548 3c5355d RtlAllocateHeap 24546->24548 24547->24481 24549 3c532af 24548->24549 24549->24481 24552 3c53562 __dosmaperr 24550->24552 24551 3c56b93 ___std_exception_copy RtlAllocateHeap 24551->24552 24552->24551 24553 3c5357c 24552->24553 24555 3c310f0 Concurrency::cancel_current_task 24552->24555 24553->24543 24554 3c53588 Concurrency::cancel_current_task 24555->24554 24558 3c546db RtlAllocateHeap ___std_exception_copy 24555->24558 24557 3c31133 24557->24543 24558->24557 24559 3c3b990 24560 3c3b99d 24559->24560 24561 3c3b9d8 24560->24561 24562 3c3b9fd 24560->24562 24563 3c3ba73 24561->24563 24564 3c5355d RtlAllocateHeap 24561->24564 24565 3c5355d RtlAllocateHeap 24562->24565 24568 3c3b9e9 __InternalCxxFrameHandler 24562->24568 24576 3c310f0 RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 24563->24576 24564->24568 24565->24568 24567 3c3ba78 24572 3c3ba50 24568->24572 24573 3c56b42 24568->24573 24577 3c56ace RtlAllocateHeap __dosmaperr ___std_exception_copy 24573->24577 24575 3c56b51 ___std_exception_copy 24576->24567 24577->24575 24578 3c4acd0 24579 3c4aceb ___scrt_uninitialize_crt 24578->24579 24580 3c4ad22 CreateFileA 24579->24580 24581 3c4add5 CreateFileA 24580->24581 24582 3c4ad3f 24580->24582 24583 3c4adcd 24581->24583 24584 3c4adfc 24581->24584 24585 3c56b93 ___std_exception_copy RtlAllocateHeap 24582->24585 24588 3c4b170 CatchGuardHandler 24583->24588 24591 3c56b42 RtlAllocateHeap 24583->24591 24625 3c3e9f0 RtlAllocateHeap __InternalCxxFrameHandler 24584->24625 24586 3c4ad4e 24585->24586 24586->24583 24592 3c4ad7a CloseHandle 24586->24592 24589 3c4ae90 24626 3c3ed10 RtlAllocateHeap __InternalCxxFrameHandler 24589->24626 24593 3c4b1a4 24591->24593 24594 3c4adc2 24592->24594 24595 3c4ad88 24592->24595 24622 3c5696b 24594->24622 24595->24594 24600 3c4d5f0 24595->24600 24598 3c4aeaf __cftof 24598->24583 24599 3c56b42 RtlAllocateHeap 24598->24599 24599->24583 24601 3c4d725 24600->24601 24602 3c4d618 24600->24602 24627 3c3d550 RtlAllocateHeap std::_Xinvalid_argument 24601->24627 24603 3c4d632 24602->24603 24606 3c4d677 24602->24606 24605 3c4d72a 24603->24605 24607 3c5355d RtlAllocateHeap 24603->24607 24628 3c310f0 RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 24605->24628 24609 3c5355d RtlAllocateHeap 24606->24609 24615 3c4d642 __InternalCxxFrameHandler 24606->24615 24607->24615 24609->24615 24610 3c4d72f 24611 3c4d870 24610->24611 24612 3c4d79c 24610->24612 24647 3c3d550 RtlAllocateHeap std::_Xinvalid_argument 24611->24647 24629 3c3be00 RtlAllocateHeap Concurrency::cancel_current_task 24612->24629 24613 3c56b42 RtlAllocateHeap 24613->24601 24615->24613 24617 3c4d6f8 24615->24617 24616 3c4d875 24617->24595 24619 3c4d7dc 24630 3c3b690 24619->24630 24621 3c4d804 24621->24595 24623 3c5ece4 __freea RtlAllocateHeap 24622->24623 24624 3c56983 24623->24624 24624->24583 24625->24589 24626->24598 24627->24605 24628->24610 24629->24619 24631 3c3b6bb 24630->24631 24632 3c3b6c2 24631->24632 24633 3c3b6f5 24631->24633 24634 3c3b714 24631->24634 24632->24621 24635 3c3b74a 24633->24635 24636 3c3b6fc 24633->24636 24639 3c5355d RtlAllocateHeap 24634->24639 24641 3c3b709 __InternalCxxFrameHandler 24634->24641 24648 3c310f0 RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 24635->24648 24638 3c5355d RtlAllocateHeap 24636->24638 24640 3c3b702 24638->24640 24639->24641 24640->24641 24642 3c56b42 RtlAllocateHeap 24640->24642 24641->24621 24644 3c3b754 24642->24644 24643 3c3b76a 24643->24621 24644->24643 24645 3c56b42 RtlAllocateHeap 24644->24645 24646 3c3b7f4 24645->24646 24647->24616 24648->24640 24649 3c4e720 24650 3c4e797 CatchGuardHandler 24649->24650 24651 3c4e7bd CryptUnprotectData 24649->24651 24652 3c4e816 24651->24652 24652->24650 24653 3c56b42 RtlAllocateHeap 24652->24653 24654 3c4e849 24653->24654 24655 3c3202b 24656 3c32033 24655->24656 24689 3c32093 __cftof 24655->24689 24703 3c3b800 24656->24703 24657 3c32e38 CatchGuardHandler 24660 3c32069 24711 3c3beb0 24660->24711 24661 3c4dfc0 3 API calls 24699 3c3280d __cftof 24661->24699 24663 3c321eb 24664 3c32203 24663->24664 24665 3c32e58 24663->24665 24727 3c3d9e0 24664->24727 24778 3c31190 RtlAllocateHeap CatchGuardHandler std::_Xinvalid_argument 24665->24778 24668 3c3b690 RtlAllocateHeap 24668->24689 24670 3c32e5d 24779 3c3bea0 RtlAllocateHeap 24670->24779 24671 3c32225 24673 3c32e53 24675 3c56b42 RtlAllocateHeap 24673->24675 24675->24665 24677 3c3b690 RtlAllocateHeap 24677->24699 24684 3c3b780 RtlAllocateHeap 24684->24699 24685 3c3d140 RtlAllocateHeap 24685->24699 24689->24663 24689->24668 24689->24670 24689->24673 24689->24699 24716 3c4dfc0 24689->24716 24754 3c3d140 RtlAllocateHeap __InternalCxxFrameHandler Concurrency::cancel_current_task __cftof 24689->24754 24755 3c3df50 RtlAllocateHeap 24689->24755 24756 3c3a9a0 RtlAllocateHeap 24689->24756 24757 3c3c660 RtlAllocateHeap Concurrency::cancel_current_task 24689->24757 24758 3c3b780 24689->24758 24699->24657 24699->24661 24699->24670 24699->24673 24699->24677 24699->24684 24699->24685 24763 3c3cdc0 RtlAllocateHeap 24699->24763 24764 3c3e110 RtlAllocateHeap 24699->24764 24765 3c3b2d0 24699->24765 24771 3c3c8a0 RtlAllocateHeap Concurrency::cancel_current_task 24699->24771 24772 3c31490 24699->24772 24707 3c3b81e __InternalCxxFrameHandler 24703->24707 24708 3c3b850 __InternalCxxFrameHandler 24703->24708 24704 3c3b902 24780 3c31190 RtlAllocateHeap CatchGuardHandler std::_Xinvalid_argument 24704->24780 24706 3c3b907 24707->24660 24708->24704 24709 3c3b8e1 24708->24709 24710 3c56b42 RtlAllocateHeap 24708->24710 24709->24660 24710->24704 24781 3c3eb70 24711->24781 24713 3c3bf53 24713->24689 24714 3c3bf03 24714->24713 24795 3c3f000 24714->24795 24717 3c4e052 24716->24717 24718 3c4e0d1 FindFirstFileA 24717->24718 24725 3c4e12c 24718->24725 24719 3c4e1da 24722 3c3b780 RtlAllocateHeap 24719->24722 24720 3c56b42 RtlAllocateHeap 24723 3c4e71f 24720->24723 24721 3c4e6b2 FindNextFileA 24721->24719 24721->24725 24724 3c4e6fd CatchGuardHandler 24722->24724 24724->24689 24724->24720 24725->24719 24725->24721 24725->24724 24726 3c3cdc0 RtlAllocateHeap 24725->24726 24726->24725 24728 3c3da24 24727->24728 24730 3c3da84 __InternalCxxFrameHandler 24727->24730 24729 3c3da7a 24728->24729 24731 3c3dacb 24728->24731 24729->24730 24733 3c5355d RtlAllocateHeap 24729->24733 24730->24671 24823 3c310f0 RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 24731->24823 24733->24730 24734 3c3dad0 24735 3c56b42 RtlAllocateHeap 24734->24735 24736 3c3dad5 24735->24736 24737 3c3db50 24736->24737 24738 3c3db21 24736->24738 24824 3c310f0 RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 24737->24824 24739 3c3db3e 24738->24739 24740 3c5355d RtlAllocateHeap 24738->24740 24739->24671 24742 3c3db2b 24740->24742 24742->24671 24743 3c3db55 24744 3c56b42 RtlAllocateHeap 24743->24744 24745 3c3db5a 24744->24745 24825 3c31190 RtlAllocateHeap CatchGuardHandler std::_Xinvalid_argument 24745->24825 24747 3c3dd26 24748 3c56b42 RtlAllocateHeap 24747->24748 24749 3c3dd2b 24748->24749 24826 3c31190 RtlAllocateHeap CatchGuardHandler std::_Xinvalid_argument 24749->24826 24751 3c3deb6 24752 3c56b42 RtlAllocateHeap 24751->24752 24753 3c3debb 24752->24753 24754->24689 24755->24689 24756->24689 24757->24689 24759 3c3b7cc 24758->24759 24760 3c3b789 24758->24760 24759->24689 24760->24759 24761 3c56b42 RtlAllocateHeap 24760->24761 24762 3c3b7f4 24761->24762 24763->24699 24764->24699 24766 3c3b31b 24765->24766 24767 3c3b35a 24765->24767 24827 3c3be00 RtlAllocateHeap Concurrency::cancel_current_task 24766->24827 24767->24699 24769 3c3b336 24828 3c3cee0 RtlAllocateHeap CatchGuardHandler 24769->24828 24771->24699 24773 3c3b780 RtlAllocateHeap 24772->24773 24774 3c3149b 24773->24774 24775 3c56b42 RtlAllocateHeap 24774->24775 24776 3c31500 24774->24776 24777 3c31524 24775->24777 24776->24699 24778->24670 24780->24706 24782 3c3ec74 __InternalCxxFrameHandler 24781->24782 24783 3c3eb8b 24781->24783 24782->24714 24783->24782 24784 3c3ed01 24783->24784 24787 3c3ec21 24783->24787 24788 3c3ebfa 24783->24788 24794 3c3ec0b __InternalCxxFrameHandler 24783->24794 24818 3c31190 RtlAllocateHeap CatchGuardHandler std::_Xinvalid_argument 24784->24818 24786 3c3ed06 24819 3c310f0 RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 24786->24819 24792 3c5355d RtlAllocateHeap 24787->24792 24787->24794 24788->24786 24791 3c5355d RtlAllocateHeap 24788->24791 24790 3c3ed0b 24791->24794 24792->24794 24793 3c56b42 RtlAllocateHeap 24793->24784 24794->24782 24794->24793 24796 3c3f023 24795->24796 24797 3c3f129 24795->24797 24801 3c3f065 24796->24801 24802 3c3f08f 24796->24802 24820 3c31190 RtlAllocateHeap CatchGuardHandler std::_Xinvalid_argument 24797->24820 24799 3c3f12e 24821 3c310f0 RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 24799->24821 24801->24799 24803 3c3f070 24801->24803 24806 3c5355d RtlAllocateHeap 24802->24806 24808 3c3f076 __InternalCxxFrameHandler 24802->24808 24805 3c5355d RtlAllocateHeap 24803->24805 24804 3c56b42 RtlAllocateHeap 24807 3c3f138 24804->24807 24805->24808 24806->24808 24811 3c3f403 24807->24811 24815 3c3f312 24807->24815 24817 3c3f000 3 API calls 24807->24817 24822 3c56d06 GetPEB RtlAllocateHeap GetPEB __fassign 24807->24822 24808->24804 24809 3c3f0eb __InternalCxxFrameHandler 24808->24809 24809->24714 24812 3c3f46d CatchGuardHandler 24811->24812 24813 3c56b42 RtlAllocateHeap 24811->24813 24812->24714 24814 3c3f49f 24813->24814 24815->24811 24816 3c3f000 3 API calls 24815->24816 24816->24815 24817->24807 24818->24786 24819->24790 24820->24799 24821->24808 24822->24807 24823->24734 24824->24743 24825->24747 24826->24751 24827->24769 24828->24767 24829 3c374e9 24830 3c37544 __InternalCxxFrameHandler 24829->24830 24832 3c37551 24830->24832 24833 3c525f0 24830->24833 24834 3c52618 CatchGuardHandler 24833->24834 24836 3c52634 24833->24836 24834->24832 24835 3c5263a CatchGuardHandler 24835->24832 24836->24835 24847 3c527aa __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 24836->24847 24868 3c5d297 GetPEB RtlAllocateHeap GetPEB __dosmaperr ___std_exception_copy 24836->24868 24838 3c52728 24838->24847 24869 3c5d297 GetPEB RtlAllocateHeap GetPEB __dosmaperr ___std_exception_copy 24838->24869 24840 3c5273e 24840->24847 24870 3c5d297 GetPEB RtlAllocateHeap GetPEB __dosmaperr ___std_exception_copy 24840->24870 24842 3c52750 24842->24847 24871 3c5d297 GetPEB RtlAllocateHeap GetPEB __dosmaperr ___std_exception_copy 24842->24871 24844 3c52762 24844->24847 24872 3c5d297 GetPEB RtlAllocateHeap GetPEB __dosmaperr ___std_exception_copy 24844->24872 24846 3c52774 24846->24847 24873 3c5d297 GetPEB RtlAllocateHeap GetPEB __dosmaperr ___std_exception_copy 24846->24873 24847->24835 24847->24847 24853 3c52c5b 24847->24853 24876 3c5d209 GetPEB RtlAllocateHeap GetPEB _unexpected 24847->24876 24849 3c52786 24849->24847 24874 3c5d297 GetPEB RtlAllocateHeap GetPEB __dosmaperr ___std_exception_copy 24849->24874 24851 3c52798 24851->24847 24875 3c5d297 GetPEB RtlAllocateHeap GetPEB __dosmaperr ___std_exception_copy 24851->24875 24856 3c52c75 24853->24856 24861 3c5d1e8 24853->24861 24858 3c52d3e __InternalCxxFrameHandler 24856->24858 24864 3c522b0 24856->24864 24858->24835 24859 3c5355d RtlAllocateHeap 24858->24859 24860 3c52ffc CatchGuardHandler 24859->24860 24860->24832 24877 3c5f05c 24861->24877 24865 3c522c6 24864->24865 24867 3c522d0 __cftof 24864->24867 24866 3c5355d RtlAllocateHeap 24865->24866 24866->24867 24867->24858 24868->24838 24869->24840 24870->24842 24871->24844 24872->24846 24873->24849 24874->24851 24875->24847 24876->24853 24878 3c5f066 __dosmaperr 24877->24878 24879 3c5ec87 __dosmaperr RtlAllocateHeap 24878->24879 24880 3c5f07f 24878->24880 24882 3c5f0a7 __dosmaperr 24879->24882 24881 3c5d1ed 24880->24881 24892 3c5e6b3 GetPEB RtlAllocateHeap GetPEB __InternalCxxFrameHandler 24880->24892 24881->24853 24884 3c5f0e7 24882->24884 24885 3c5f0af __dosmaperr 24882->24885 24891 3c5ee8a RtlAllocateHeap __dosmaperr 24884->24891 24887 3c5ece4 __freea RtlAllocateHeap 24885->24887 24887->24880 24889 3c5f0f2 24890 3c5ece4 __freea RtlAllocateHeap 24889->24890 24890->24880 24891->24889 24893 3c375bd 25051 3c34eb0 24893->25051 24895 3c375d2 24896 3c525f0 3 API calls 24895->24896 24898 3c375f2 24895->24898 24896->24898 24900 3c3a978 24898->24900 25091 3c34390 24898->25091 24899 3c3768a 25098 3c335d0 24899->25098 24902 3c56b42 RtlAllocateHeap 24900->24902 24904 3c3a97d 24902->24904 24903 3c376bc 24905 3c36660 FindFirstFileA RtlAllocateHeap 24903->24905 25103 3c31190 RtlAllocateHeap CatchGuardHandler std::_Xinvalid_argument 24904->25103 24908 3c376e3 24905->24908 24907 3c3a982 24909 3c56b42 RtlAllocateHeap 24907->24909 24910 3c357c0 RtlAllocateHeap 24908->24910 24911 3c3a987 24909->24911 24933 3c37707 24910->24933 24912 3c56b42 RtlAllocateHeap 24911->24912 24913 3c3a98c 24912->24913 24914 3c56b42 RtlAllocateHeap 24913->24914 24916 3c3a991 24914->24916 24915 3c37de6 24918 3c32f00 GetPEB RtlAllocateHeap GetPEB 24915->24918 24917 3c56b42 RtlAllocateHeap 24916->24917 24921 3c3a996 24917->24921 24922 3c37df1 24918->24922 24919 3c3e9f0 RtlAllocateHeap 24919->24933 24920 3c3e9f0 RtlAllocateHeap 24936 3c378c3 24920->24936 24925 3c36510 connect 24922->24925 24923 3c3e9f0 RtlAllocateHeap 24932 3c37a76 24923->24932 24924 3c3ed10 RtlAllocateHeap 24924->24933 24930 3c37e00 24925->24930 24926 3c3e9f0 RtlAllocateHeap 24939 3c37c2e 24926->24939 24927 3c3ed10 RtlAllocateHeap 24927->24936 24928 3c3ed10 RtlAllocateHeap 24928->24932 24929 3c3ed10 RtlAllocateHeap 24929->24939 24930->24904 24938 3c3d9e0 RtlAllocateHeap 24930->24938 24931 3c525f0 GetPEB RtlAllocateHeap GetPEB 24931->24933 24932->24900 24932->24923 24932->24928 24935 3c525f0 GetPEB RtlAllocateHeap GetPEB 24932->24935 24932->24939 24933->24900 24933->24919 24933->24924 24933->24931 24933->24936 24934 3c525f0 GetPEB RtlAllocateHeap GetPEB 24934->24936 24935->24932 24936->24900 24936->24920 24936->24927 24936->24932 24936->24934 24937 3c525f0 GetPEB RtlAllocateHeap GetPEB 24937->24939 24940 3c37e7f __InternalCxxFrameHandler 24938->24940 24939->24900 24939->24915 24939->24926 24939->24929 24939->24937 24940->24907 24941 3c525f0 GetPEB RtlAllocateHeap GetPEB 24940->24941 24942 3c3848e 24940->24942 24941->24942 24943 3c525f0 GetPEB RtlAllocateHeap GetPEB 24942->24943 24983 3c384d4 __InternalCxxFrameHandler __cftof 24942->24983 24943->24983 24944 3c39150 24945 3c36cc0 RtlAllocateHeap 24944->24945 24960 3c39167 24945->24960 24946 3c3b690 RtlAllocateHeap 24946->24983 24947 3c3a640 24950 3c53330 GetPEB RtlAllocateHeap GetPEB 24947->24950 24948 3c3bd80 RtlAllocateHeap 24948->24983 24949 3c31530 RtlAllocateHeap 24949->24983 24956 3c3a658 24950->24956 24951 3c3e9f0 RtlAllocateHeap 24951->24960 24952 3c3cd10 RtlAllocateHeap 24952->24983 24953 3c3ed10 RtlAllocateHeap 24953->24960 24954 3c3b690 RtlAllocateHeap 25050 3c392ef __InternalCxxFrameHandler __cftof 24954->25050 24955 3c49bf0 CharLowerA GetPEB RtlAllocateHeap GetPEB 24955->24983 24957 3c53330 GetPEB RtlAllocateHeap GetPEB 24956->24957 24964 3c3a67e 24956->24964 24957->24964 24958 3c3d9e0 RtlAllocateHeap 24958->24983 24959 3c525f0 GetPEB RtlAllocateHeap GetPEB 24959->24960 24960->24900 24960->24951 24960->24953 24960->24959 24960->25050 24961 3c3b2d0 RtlAllocateHeap 24961->25050 24962 3c3ada0 RtlAllocateHeap 24962->24983 24963 3c312d0 RtlAllocateHeap 24963->25050 24967 3c3c0e0 RtlAllocateHeap 24964->24967 24965 3c3be00 RtlAllocateHeap 24965->24983 24966 3c3ae40 RtlAllocateHeap 24966->24983 24979 3c3a708 24967->24979 24968 3c3cee0 RtlAllocateHeap 24968->24983 24969 3c3b800 RtlAllocateHeap 24969->24983 24970 3c3b080 RtlAllocateHeap 24970->24983 24971 3c3e9f0 RtlAllocateHeap 24971->24983 24972 3c3d9e0 RtlAllocateHeap 24972->25050 24973 3c444d0 GetPEB RtlAllocateHeap GetPEB 24973->25050 24974 3c3b150 RtlAllocateHeap 24974->24983 24975 3c3ed10 RtlAllocateHeap 24975->24983 24976 3c3d5f0 RtlAllocateHeap 24976->24983 24977 3c42000 FindFirstFileA FindNextFileA FindFirstFileA RtlAllocateHeap 24977->25050 24978 3c525f0 GetPEB RtlAllocateHeap GetPEB 24978->24983 24980 3c3b580 RtlAllocateHeap 24979->24980 24982 3c3a7d0 24980->24982 24981 3c3b780 RtlAllocateHeap 24981->24983 24984 3c3b580 RtlAllocateHeap 24982->24984 24983->24900 24983->24904 24983->24911 24983->24913 24983->24944 24983->24946 24983->24948 24983->24949 24983->24952 24983->24955 24983->24958 24983->24962 24983->24965 24983->24966 24983->24968 24983->24969 24983->24970 24983->24971 24983->24974 24983->24975 24983->24976 24983->24978 24983->24981 24985 3c3a7db 24984->24985 24986 3c3b580 RtlAllocateHeap 24985->24986 24987 3c3a7e6 24986->24987 24988 3c3b580 RtlAllocateHeap 24987->24988 24989 3c3a7f1 24988->24989 24990 3c3b580 RtlAllocateHeap 24989->24990 24991 3c3a7fc 24990->24991 24992 3c3b580 RtlAllocateHeap 24991->24992 24993 3c3a807 24992->24993 24994 3c3b580 RtlAllocateHeap 24993->24994 24995 3c3a812 24994->24995 24996 3c3b580 RtlAllocateHeap 24995->24996 24997 3c3a81d 24996->24997 24998 3c3b580 RtlAllocateHeap 24997->24998 24999 3c3a828 24998->24999 25000 3c3b580 RtlAllocateHeap 24999->25000 25001 3c3a833 25000->25001 25002 3c3b580 RtlAllocateHeap 25001->25002 25003 3c3a83e 25002->25003 25004 3c3b580 RtlAllocateHeap 25003->25004 25005 3c3a849 25004->25005 25006 3c3b580 RtlAllocateHeap 25005->25006 25007 3c3a854 25006->25007 25008 3c3b580 RtlAllocateHeap 25007->25008 25009 3c3a860 25008->25009 25010 3c53330 GetPEB RtlAllocateHeap GetPEB 25009->25010 25011 3c3a884 25010->25011 25013 3c53330 GetPEB RtlAllocateHeap GetPEB 25011->25013 25012 3c3bf70 RtlAllocateHeap 25012->25050 25014 3c3a8a5 25013->25014 25015 3c36450 send connect 25014->25015 25016 3c3a8cd 25015->25016 25017 3c3b580 RtlAllocateHeap 25016->25017 25018 3c3a8d8 25017->25018 25019 3c3ada0 RtlAllocateHeap 25018->25019 25020 3c3a8e0 25019->25020 25021 3c3b580 RtlAllocateHeap 25020->25021 25022 3c3a8e8 25021->25022 25023 3c3b580 RtlAllocateHeap 25022->25023 25024 3c3a8f3 25023->25024 25025 3c3b580 RtlAllocateHeap 25024->25025 25026 3c3a8fe 25025->25026 25027 3c3b580 RtlAllocateHeap 25026->25027 25028 3c3a909 25027->25028 25029 3c3b580 RtlAllocateHeap 25028->25029 25030 3c3a914 25029->25030 25031 3c3b580 RtlAllocateHeap 25030->25031 25032 3c3a91f 25031->25032 25033 3c334f0 RtlAllocateHeap 25032->25033 25034 3c3a92a 25033->25034 25035 3c3ada0 RtlAllocateHeap 25034->25035 25036 3c3a935 25035->25036 25037 3c3ada0 RtlAllocateHeap 25036->25037 25038 3c3a940 25037->25038 25039 3c3ada0 RtlAllocateHeap 25038->25039 25041 3c3a94b 25039->25041 25040 3c3c2b0 RtlAllocateHeap 25040->25050 25042 3c3ada0 RtlAllocateHeap 25041->25042 25043 3c3a956 CatchGuardHandler 25042->25043 25044 3c3b390 RtlAllocateHeap 25044->25050 25045 3c53330 GetPEB RtlAllocateHeap GetPEB 25045->25050 25046 3c3c370 RtlAllocateHeap 25046->25050 25047 3c3c080 RtlAllocateHeap 25047->25050 25048 3c3ab30 RtlAllocateHeap 25048->25050 25049 3c3b580 RtlAllocateHeap 25049->25050 25050->24900 25050->24904 25050->24916 25050->24947 25050->24954 25050->24961 25050->24963 25050->24972 25050->24973 25050->24977 25050->25012 25050->25040 25050->25044 25050->25045 25050->25046 25050->25047 25050->25048 25050->25049 25052 3c34f25 25051->25052 25104 3c3c0e0 25052->25104 25054 3c357aa 25055 3c56b42 RtlAllocateHeap 25054->25055 25063 3c35729 25055->25063 25056 3c34f40 25056->25054 25057 3c3b690 RtlAllocateHeap 25056->25057 25061 3c34ffc 25057->25061 25058 3c56b42 RtlAllocateHeap 25059 3c357b4 25058->25059 25060 3c56b93 ___std_exception_copy RtlAllocateHeap 25059->25060 25062 3c35848 25060->25062 25061->25063 25064 3c3b690 RtlAllocateHeap 25061->25064 25068 3c56b93 ___std_exception_copy RtlAllocateHeap 25062->25068 25063->25058 25066 3c35782 CatchGuardHandler 25063->25066 25065 3c3503a 25064->25065 25108 3c4f0f0 RtlAllocateHeap CatchGuardHandler 25065->25108 25066->24895 25085 3c35870 __InternalCxxFrameHandler 25068->25085 25069 3c35721 25070 3c3b780 RtlAllocateHeap 25069->25070 25070->25063 25071 3c36401 25072 3c5696b ___std_exception_copy RtlAllocateHeap 25071->25072 25073 3c36412 25072->25073 25074 3c5696b ___std_exception_copy RtlAllocateHeap 25073->25074 25075 3c3641d CatchGuardHandler 25074->25075 25075->24895 25076 3c4f360 RtlAllocateHeap 25083 3c35044 __InternalCxxFrameHandler 25076->25083 25077 3c3c0e0 RtlAllocateHeap 25077->25085 25078 3c3b690 RtlAllocateHeap 25078->25083 25079 3c3643d 25081 3c56b42 RtlAllocateHeap 25079->25081 25080 3c4f0f0 RtlAllocateHeap 25080->25083 25082 3c36442 25081->25082 25083->25054 25083->25069 25083->25076 25083->25078 25083->25080 25086 3c3c0e0 RtlAllocateHeap 25083->25086 25089 3c3b780 RtlAllocateHeap 25083->25089 25084 3c3b690 RtlAllocateHeap 25084->25085 25085->25071 25085->25077 25085->25079 25085->25084 25087 3c4efd0 RtlAllocateHeap 25085->25087 25088 3c3e960 RtlAllocateHeap 25085->25088 25090 3c3acd0 RtlAllocateHeap 25085->25090 25086->25083 25087->25085 25088->25085 25089->25083 25090->25085 25095 3c34419 25091->25095 25092 3c56b93 ___std_exception_copy RtlAllocateHeap 25092->25095 25093 3c34671 FindFirstFileA 25093->25095 25094 3c5696b ___std_exception_copy RtlAllocateHeap 25094->25095 25095->25092 25095->25093 25095->25094 25096 3c34e63 CatchGuardHandler 25095->25096 25097 3c3c0e0 RtlAllocateHeap 25095->25097 25096->24899 25097->25095 25099 3c33695 25098->25099 25100 3c3c0e0 RtlAllocateHeap 25099->25100 25101 3c336b0 25100->25101 25101->25101 25102 3c335d0 RtlAllocateHeap 25101->25102 25103->24907 25105 3c3c0f6 25104->25105 25105->25105 25107 3c3c111 __InternalCxxFrameHandler 25105->25107 25109 3c3e600 RtlAllocateHeap __InternalCxxFrameHandler Concurrency::cancel_current_task 25105->25109 25107->25056 25108->25083 25109->25107

                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                  Function 03C36660 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 427fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 1695 3c36660-3c36740 call 3c3b940 call 3c3c0e0 1700 3c36742-3c36751 1695->1700 1701 3c36771-3c367ae FindFirstFileA 1695->1701 1704 3c36753-3c36761 1700->1704 1705 3c36767-3c3676e call 3c538f3 1700->1705 1702 3c36c61-3c36c67 1701->1702 1703 3c367b4-3c367b6 1701->1703 1708 3c36c91-3c36cad call 3c5354f 1702->1708 1709 3c36c69-3c36c75 1702->1709 1707 3c367c0-3c367c7 1703->1707 1704->1705 1710 3c36cae call 3c56b42 1704->1710 1705->1701 1713 3c36c45-3c36c55 1707->1713 1714 3c367cd-3c367d4 1707->1714 1715 3c36c87-3c36c8e call 3c538f3 1709->1715 1716 3c36c77-3c36c85 1709->1716 1718 3c36cb3-3c36cb8 call 3c56b42 1710->1718 1713->1707 1727 3c36c5b 1713->1727 1714->1713 1719 3c367da-3c36841 call 3c3b940 call 3c3c0e0 1714->1719 1715->1708 1716->1715 1716->1718 1731 3c36844-3c36849 1719->1731 1727->1702 1731->1731 1732 3c3684b-3c36859 1731->1732 1733 3c3685b-3c36866 1732->1733 1734 3c3688a-3c368a0 call 3c3d2a0 1732->1734 1736 3c3686a-3c36888 call 3c563a0 1733->1736 1737 3c36868 1733->1737 1739 3c368a5-3c368e6 1734->1739 1736->1739 1737->1736 1741 3c36917-3c3693f 1739->1741 1742 3c368e8-3c368f7 1739->1742 1745 3c36941-3c36950 1741->1745 1746 3c36970-3c369cf call 3c3b940 1741->1746 1743 3c368f9-3c36907 1742->1743 1744 3c3690d-3c36914 call 3c538f3 1742->1744 1743->1710 1743->1744 1744->1741 1749 3c36952-3c36960 1745->1749 1750 3c36966-3c3696d call 3c538f3 1745->1750 1754 3c369d0-3c369d5 1746->1754 1749->1710 1749->1750 1750->1746 1754->1754 1756 3c369d7-3c369ec 1754->1756 1757 3c36a2b-3c36a46 call 3c3d2a0 1756->1757 1758 3c369ee-3c36a29 call 3c563a0 1756->1758 1762 3c36a4b-3c36a83 1757->1762 1758->1762 1763 3c36a85-3c36a94 1762->1763 1764 3c36ab4-3c36b2e call 3c3b690 call 3c4efd0 1762->1764 1766 3c36a96-3c36aa4 1763->1766 1767 3c36aaa-3c36ab1 call 3c538f3 1763->1767 1773 3c36b42-3c36b8c call 3c563a0 call 3c3b940 call 3c3acd0 call 3c34300 1764->1773 1774 3c36b30-3c36b3c call 3c3e960 1764->1774 1766->1710 1766->1767 1767->1764 1785 3c36bd0-3c36bda 1773->1785 1786 3c36b8e-3c36b9b 1773->1786 1774->1773 1789 3c36c08-3c36c12 1785->1789 1790 3c36bdc-3c36be8 1785->1790 1787 3c36bb1-3c36bc9 call 3c538f3 1786->1787 1788 3c36b9d-3c36bab 1786->1788 1787->1785 1788->1710 1788->1787 1794 3c36c14-3c36c23 1789->1794 1795 3c36c3f 1789->1795 1792 3c36bea-3c36bf8 1790->1792 1793 3c36bfe-3c36c05 call 3c538f3 1790->1793 1792->1710 1792->1793 1793->1789 1798 3c36c35-3c36c3c call 3c538f3 1794->1798 1799 3c36c25-3c36c33 1794->1799 1795->1713 1798->1795 1799->1710 1799->1798
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNELBASE(?,?,?), ref: 03C367A0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                                                                                  • String ID: .$C:\Users\user\AppData\Roaming
                                                                                                                                                                                                                                                  • API String ID: 1974802433-1520568048
                                                                                                                                                                                                                                                  • Opcode ID: 6e49291d005afaea47b29a6f44fe73158dc568760d3dad5d7845c16096c91c94
                                                                                                                                                                                                                                                  • Instruction ID: 1875de79d184ae6ba4d9b00e0dfa20fbc698442dfdacbea6afdb4580c2ca2ce0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e49291d005afaea47b29a6f44fe73158dc568760d3dad5d7845c16096c91c94
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16028C71D002599BEB29CB68CD88BDDFBB5EF46304F1482D9D448EB281DB759AC48F90
                                                                                                                                                                                                                                                  Function 03C34390 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 217fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 1803 3c34390-3c34637 call 3c3b940 * 10 1824 3c34640-3c34690 call 3c56b93 FindFirstFileA 1803->1824 1829 3c34e36-3c34e5d call 3c5696b 1824->1829 1830 3c34696-3c3469c 1824->1830 1829->1824 1836 3c34e63-3c34e9c call 3c5358d call 3c5354f 1829->1836 1832 3c346a0-3c346a7 1830->1832 1834 3c34e1a-3c34e30 1832->1834 1835 3c346ad-3c346b4 1832->1835 1834->1829 1834->1832 1835->1834 1837 3c346ba-3c34754 call 3c3b940 * 2 call 3c3c0e0 call 3c3c1e0 1835->1837 1837->1834
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNELBASE(?,?,?,?,?,?,00000000,?), ref: 03C34682
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                                                                                  • String ID: .$C:\Users\user\AppData\Roaming
                                                                                                                                                                                                                                                  • API String ID: 1974802433-1520568048
                                                                                                                                                                                                                                                  • Opcode ID: b64986481ea2b1946ce545074fb6d3e81a3c5ce229cd3389011d639ec2484097
                                                                                                                                                                                                                                                  • Instruction ID: 59a85def7b1b00a9a61fa169b6978e32774070227caf43b04f09bbdc08c3883a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b64986481ea2b1946ce545074fb6d3e81a3c5ce229cd3389011d639ec2484097
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44B126709043A8DEEB61DF94CC48BDEBBB4AB15704F1441D9D448FB282DBB91A88DF52
                                                                                                                                                                                                                                                  Function 03C525F0 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 790COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 3295 3c525f0-3c52616 3296 3c52634-3c52638 3295->3296 3297 3c52618-3c52631 call 3c5354f 3295->3297 3299 3c52656-3c5266f 3296->3299 3300 3c5263a-3c52653 call 3c5354f 3296->3300 3303 3c52670-3c5267e 3299->3303 3303->3303 3305 3c52680-3c5268b 3303->3305 3306 3c53087 3305->3306 3307 3c52691-3c5269b 3305->3307 3309 3c5308c-3c530a0 call 3c5354f 3306->3309 3308 3c526a0-3c526a4 3307->3308 3311 3c526a6 3308->3311 3312 3c526a9-3c526b5 3308->3312 3311->3312 3312->3308 3313 3c526b7-3c526c9 3312->3313 3315 3c526d0-3c526d9 3313->3315 3315->3315 3316 3c526db-3c526f2 3315->3316 3317 3c526f4-3c526f8 3316->3317 3318 3c52708-3c52711 3316->3318 3319 3c5271d-3c5272d call 3c5d297 3317->3319 3320 3c526fa-3c52706 3317->3320 3318->3319 3321 3c52713-3c52717 3318->3321 3327 3c527b1 3319->3327 3328 3c52733-3c52743 call 3c5d297 3319->3328 3320->3317 3320->3318 3321->3319 3322 3c527b9-3c527fa 3321->3322 3322->3306 3324 3c52800-3c52802 3322->3324 3324->3306 3326 3c52808-3c52942 call 3c68940 3324->3326 3346 3c52946-3c5294b 3326->3346 3327->3322 3328->3327 3332 3c52745-3c52755 call 3c5d297 3328->3332 3332->3327 3336 3c52757-3c52767 call 3c5d297 3332->3336 3336->3327 3342 3c52769-3c52779 call 3c5d297 3336->3342 3342->3327 3347 3c5277b-3c5278b call 3c5d297 3342->3347 3346->3346 3348 3c5294d-3c529ae 3346->3348 3347->3327 3357 3c5278d-3c5279d call 3c5d297 3347->3357 3350 3c529b0-3c529b5 3348->3350 3351 3c529ba-3c529d4 3348->3351 3350->3351 3352 3c529d6-3c529db 3351->3352 3353 3c529e9-3c529ec 3351->3353 3352->3353 3355 3c529dd-3c529e7 3352->3355 3356 3c529f4-3c52ae0 3353->3356 3355->3356 3358 3c52ae6-3c52b20 3356->3358 3357->3327 3363 3c5279f-3c527af call 3c5d297 3357->3363 3360 3c52b25-3c52b41 call 3c514e0 3358->3360 3366 3c52b83-3c52b96 3360->3366 3367 3c52b43-3c52b4a 3360->3367 3363->3322 3363->3327 3369 3c52bd6-3c52bef 3366->3369 3370 3c52b98-3c52b9f 3366->3370 3371 3c52b4c-3c52b51 3367->3371 3372 3c52b5a-3c52b5c 3367->3372 3376 3c52bf1-3c52bf5 3369->3376 3377 3c52c3c-3c52c43 3369->3377 3373 3c52ba1-3c52ba6 3370->3373 3374 3c52bb2-3c52bd3 call 3c5354f 3370->3374 3371->3372 3375 3c52b53-3c52b59 3371->3375 3372->3360 3378 3c52b5d-3c52b64 3372->3378 3373->3374 3382 3c52ba8-3c52baf 3373->3382 3375->3358 3375->3372 3376->3377 3384 3c52bf7-3c52c3a 3376->3384 3380 3c52c45-3c52c5b call 3c5d209 3377->3380 3381 3c52c5e 3377->3381 3385 3c52b67-3c52b80 call 3c5354f 3378->3385 3380->3381 3386 3c52c60-3c52c73 call 3c5d1e8 3381->3386 3382->3374 3384->3376 3384->3377 3396 3c52c75-3c52c85 3386->3396 3398 3c52c90-3c52d00 3396->3398 3398->3398 3400 3c52d02-3c52d06 3398->3400 3401 3c52d1f-3c52d30 3400->3401 3402 3c52d08-3c52d1d call 3c52040 3400->3402 3404 3c52d42-3c52d44 3401->3404 3405 3c52d32-3c52d39 call 3c522b0 3401->3405 3402->3401 3408 3c52d46-3c52d4b 3404->3408 3409 3c52da9-3c52db4 3404->3409 3410 3c52d3e-3c52d40 3405->3410 3413 3c52d50-3c52d64 call 3c521d0 3408->3413 3411 3c52dc4-3c52dd2 3409->3411 3412 3c52db6-3c52dbb 3409->3412 3410->3409 3416 3c52dd3-3c52ddf 3411->3416 3417 3c52d9b-3c52d9f 3411->3417 3412->3411 3414 3c52dbd-3c52dc3 3412->3414 3422 3c52d96 3413->3422 3423 3c52d66-3c52d69 3413->3423 3414->3411 3414->3413 3416->3309 3424 3c52de5-3c52de7 3416->3424 3418 3c52da5 3417->3418 3418->3409 3422->3417 3423->3422 3425 3c52d6b-3c52d76 call 3c52040 3423->3425 3424->3385 3426 3c52ded-3c52e0d 3424->3426 3439 3c52e80-3c52e85 3425->3439 3440 3c52d7c-3c52d94 call 3c521d0 3425->3440 3428 3c52e13-3c52e15 3426->3428 3429 3c52f7a-3c52f86 3426->3429 3428->3429 3430 3c52e1b-3c52e2e 3428->3430 3431 3c52f8c-3c52f8e 3429->3431 3432 3c5306b-3c53084 call 3c5354f 3429->3432 3434 3c52e30-3c52e38 3430->3434 3435 3c52e3d-3c52e55 3430->3435 3436 3c52f90-3c52f95 3431->3436 3437 3c52f9b-3c52faa call 3c517b0 3431->3437 3434->3435 3442 3c52e57-3c52e5a 3435->3442 3443 3c52e8f-3c52e94 3435->3443 3436->3432 3436->3437 3437->3385 3455 3c52fb0-3c52fb9 3437->3455 3439->3418 3440->3422 3440->3423 3447 3c52e5c-3c52e7d call 3c5354f 3442->3447 3448 3c52e8a-3c52e8d 3442->3448 3450 3c52f56-3c52f77 call 3c5354f 3443->3450 3451 3c52e9a-3c52ea1 3443->3451 3454 3c52ea4-3c52eb3 call 3c514e0 3448->3454 3451->3454 3454->3385 3463 3c52eb9-3c52ebf 3454->3463 3458 3c52fbe-3c52fc3 3455->3458 3458->3309 3460 3c52fc9-3c53013 call 3c53901 call 3c563a0 call 3c5355d 3458->3460 3484 3c53015-3c5302e call 3c5354f 3460->3484 3485 3c53031-3c53039 3460->3485 3464 3c52ee4-3c52ee8 3463->3464 3465 3c52ec1-3c52ee1 call 3c5354f 3463->3465 3468 3c52f1a-3c52f1f 3464->3468 3469 3c52eea-3c52eed 3464->3469 3474 3c52f21-3c52f2e 3468->3474 3475 3c52f33-3c52f53 call 3c5354f 3468->3475 3472 3c52f12-3c52f15 3469->3472 3473 3c52eef-3c52f0f call 3c5354f 3469->3473 3472->3458 3474->3458 3487 3c5304c-3c53068 call 3c5354f 3485->3487 3488 3c5303b 3485->3488 3490 3c53040-3c5304a 3488->3490 3490->3487 3490->3490
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: UT
                                                                                                                                                                                                                                                  • API String ID: 0-894488996
                                                                                                                                                                                                                                                  • Opcode ID: 6830839b27f56858589a7bc37bcbe32b38fd63a4f0d9948c457edfa881defb15
                                                                                                                                                                                                                                                  • Instruction ID: 756889f8927cd244532f56631d6e3332b638930699fda10449fea4bef063cf26
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6830839b27f56858589a7bc37bcbe32b38fd63a4f0d9948c457edfa881defb15
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA62A6756083808FD725DF28D89076BBBE4AF85304F4849AEEC89CF246DB31D584CB96
                                                                                                                                                                                                                                                  Function 03C4DFC0 Relevance: 3.2, APIs: 2, Instructions: 233COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 4050 3c4dfc0-3c4e04f 4051 3c4e052-3c4e057 4050->4051 4051->4051 4052 3c4e059-3c4e0ca call 3c3b940 4051->4052 4056 3c4e0d1-3c4e12a FindFirstFileA 4052->4056 4057 3c4e0cc call 3c3d2a0 4052->4057 4058 3c4e12c-3c4e13b 4056->4058 4059 3c4e15b-3c4e183 4056->4059 4057->4056 4060 3c4e151-3c4e158 call 3c538f3 4058->4060 4061 3c4e13d-3c4e14b 4058->4061 4062 3c4e1b4-3c4e1d8 4059->4062 4063 3c4e185-3c4e194 4059->4063 4060->4059 4061->4060 4066 3c4e71a-3c4e71f call 3c56b42 4061->4066 4064 3c4e1f0-3c4e1f7 4062->4064 4065 3c4e1da-3c4e1eb 4062->4065 4068 3c4e196-3c4e1a4 4063->4068 4069 3c4e1aa-3c4e1b1 call 3c538f3 4063->4069 4074 3c4e6b2-3c4e6c2 FindNextFileA 4064->4074 4075 3c4e1fd-3c4e203 4064->4075 4070 3c4e6e0-3c4e719 call 3c3b780 call 3c5354f 4065->4070 4068->4066 4068->4069 4069->4062 4070->4066 4078 3c4e6c4-3c4e6ca 4074->4078 4079 3c4e6cf-3c4e6dd 4074->4079 4076 3c4e206-3c4e20b 4075->4076 4076->4076 4082 3c4e20d-3c4e212 4076->4082 4078->4064 4079->4070 4084 3c4e418-3c4e41f 4082->4084 4085 3c4e218-3c4e21b 4082->4085 4087 3c4e425-3c4e48b call 3c3b940 4084->4087 4088 3c4e6ac 4084->4088 4085->4084 4089 3c4e221-3c4e283 call 3c3b940 4085->4089 4095 3c4e490-3c4e495 4087->4095 4088->4074 4096 3c4e286-3c4e28b 4089->4096 4095->4095 4097 3c4e497-3c4e4bd call 3c3b940 4095->4097 4096->4096 4098 3c4e28d-3c4e297 call 3c3b940 4096->4098 4103 3c4e4e6-3c4e500 4097->4103 4104 3c4e4bf-3c4e4e4 4097->4104 4102 3c4e29c-3c4e2b3 4098->4102 4105 3c4e2b5-3c4e2da 4102->4105 4106 3c4e2dc-3c4e2f8 call 3c3d2a0 4102->4106 4107 3c4e507-3c4e55c call 3c3d800 4103->4107 4108 3c4e502 call 3c3d2a0 4103->4108 4104->4107 4109 3c4e2fd-3c4e352 call 3c3d800 4105->4109 4106->4109 4117 3c4e58d-3c4e59d call 3c3cdc0 4107->4117 4118 3c4e55e-3c4e58b 4107->4118 4108->4107 4115 3c4e354-3c4e381 4109->4115 4116 3c4e383-3c4e393 call 3c3cdc0 4109->4116 4119 3c4e399-3c4e3a0 4115->4119 4116->4119 4122 3c4e5a3-3c4e5aa 4117->4122 4118->4122 4124 3c4e3d1-3c4e3de 4119->4124 4125 3c4e3a2-3c4e3b1 4119->4125 4127 3c4e5ac-3c4e5bb 4122->4127 4128 3c4e5db-3c4e5e8 4122->4128 4135 3c4e3e0-3c4e3ef 4124->4135 4136 3c4e40f-3c4e413 4124->4136 4133 3c4e3c7-3c4e3ce call 3c538f3 4125->4133 4134 3c4e3b3-3c4e3c1 4125->4134 4129 3c4e5d1-3c4e5d8 call 3c538f3 4127->4129 4130 3c4e5bd-3c4e5cb 4127->4130 4131 3c4e619 4128->4131 4132 3c4e5ea-3c4e5f9 4128->4132 4129->4128 4130->4066 4130->4129 4137 3c4e61d-3c4e626 4131->4137 4139 3c4e60f-3c4e616 call 3c538f3 4132->4139 4140 3c4e5fb-3c4e609 4132->4140 4133->4124 4134->4066 4134->4133 4142 3c4e405-3c4e40c call 3c538f3 4135->4142 4143 3c4e3f1-3c4e3ff 4135->4143 4136->4137 4147 3c4e657-3c4e67f 4137->4147 4148 3c4e628-3c4e637 4137->4148 4139->4131 4140->4066 4140->4139 4142->4136 4143->4066 4143->4142 4147->4088 4150 3c4e681-3c4e690 4147->4150 4152 3c4e64d-3c4e654 call 3c538f3 4148->4152 4153 3c4e639-3c4e647 4148->4153 4155 3c4e6a2-3c4e6a9 call 3c538f3 4150->4155 4156 3c4e692-3c4e6a0 4150->4156 4152->4147 4153->4066 4153->4152 4155->4088 4156->4066 4156->4155
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 95b64a027170c8f10e3ca4bfd51f36685669ac12487f2b64140cc7ce7c130aef
                                                                                                                                                                                                                                                  • Instruction ID: 29efca10236ce6004347f632c80fc75cfbf95d1ecdfe073693e293ae10049443
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95b64a027170c8f10e3ca4bfd51f36685669ac12487f2b64140cc7ce7c130aef
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CB16B709042599EEB25CF68CD58BEEFBB5BF46304F1482C8D409AB281D7B65B84CF90
                                                                                                                                                                                                                                                  Function 03C36450 Relevance: 3.1, APIs: 2, Instructions: 148networkCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 4161 3c36450-3c36483 4163 3c364f7-3c3650b call 3c5354f 4161->4163 4164 3c36485-3c36495 4161->4164 4164->4163 4168 3c36497-3c364d9 4164->4168 4168->4163 4172 3c364db-3c364e8 send 4168->4172 4172->4163 4173 3c364ea-3c364f0 4172->4173 4173->4163 4175 3c36542-3c3654a 4173->4175 4176 3c3656d-3c3657c 4175->4176 4177 3c3654c-3c36568 4175->4177 4182 3c365a1-3c365e5 connect 4176->4182 4183 3c3657e-3c3659c 4176->4183 4178 3c36642-3c3665e call 3c3b940 call 3c5354f 4177->4178 4182->4177 4188 3c365eb-3c3662d 4182->4188 4183->4178 4191 3c36630-3c36635 4188->4191 4191->4191 4192 3c36637-3c36641 4191->4192 4192->4178
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • send.WS2_32(?,00000001,?,?,00000000,?,000019FF), ref: 03C364E1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: send
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2809346765-0
                                                                                                                                                                                                                                                  • Opcode ID: a9d6f027ad57fdfff6814d42df9ec66ee0dfcac25eb895d43f5f4cb1439f1af2
                                                                                                                                                                                                                                                  • Instruction ID: 1f99cc83eace2e9c894ea0e7e09d52215345cfa0e290262395beb6020711459a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9d6f027ad57fdfff6814d42df9ec66ee0dfcac25eb895d43f5f4cb1439f1af2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C41F6746443416EE321EF64CC46BABBAECAF86700F040A1DF990CF1C1E7B4964887A2
                                                                                                                                                                                                                                                  Function 03C3F000 Relevance: 1.9, APIs: 1, Instructions: 422COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 4549 3c3f000-3c3f01d 4550 3c3f023-3c3f031 4549->4550 4551 3c3f129 call 3c31190 4549->4551 4552 3c3f033-3c3f035 4550->4552 4553 3c3f037-3c3f03f 4550->4553 4555 3c3f12e call 3c310f0 4551->4555 4556 3c3f04f-3c3f063 4552->4556 4557 3c3f041-3c3f046 4553->4557 4558 3c3f048-3c3f04c 4553->4558 4562 3c3f133-3c3f1d1 call 3c56b42 call 3c3b940 4555->4562 4560 3c3f065-3c3f06a 4556->4560 4561 3c3f08f-3c3f091 4556->4561 4557->4556 4558->4556 4560->4555 4563 3c3f070-3c3f07b call 3c5355d 4560->4563 4564 3c3f0a3 4561->4564 4565 3c3f093-3c3f094 call 3c5355d 4561->4565 4586 3c3f403-3c3f40c 4562->4586 4587 3c3f1d7-3c3f1ee 4562->4587 4563->4562 4578 3c3f081-3c3f08d 4563->4578 4566 3c3f0a5-3c3f0b3 4564->4566 4570 3c3f099-3c3f0a1 4565->4570 4571 3c3f0b5-3c3f0d9 call 3c563a0 4566->4571 4572 3c3f104-3c3f126 call 3c563a0 4566->4572 4570->4566 4582 3c3f0db-3c3f0e9 4571->4582 4583 3c3f0ed-3c3f101 call 3c538f3 4571->4583 4578->4566 4582->4562 4585 3c3f0eb 4582->4585 4585->4583 4589 3c3f435-3c3f44d 4586->4589 4590 3c3f40e-3c3f419 4586->4590 4591 3c3f312-3c3f317 4587->4591 4592 3c3f1f4-3c3f20e call 3c56d06 4587->4592 4598 3c3f477-3c3f494 call 3c5354f 4589->4598 4599 3c3f44f-3c3f45b 4589->4599 4595 3c3f42b-3c3f432 call 3c538f3 4590->4595 4596 3c3f41b-3c3f429 4590->4596 4591->4586 4594 3c3f31d-3c3f322 4591->4594 4614 3c3f210-3c3f213 4592->4614 4615 3c3f21e-3c3f23b 4592->4615 4600 3c3f324 4594->4600 4601 3c3f338-3c3f340 4594->4601 4595->4589 4596->4595 4603 3c3f49a-3c3f49f call 3c56b42 4596->4603 4606 3c3f46d-3c3f474 call 3c538f3 4599->4606 4607 3c3f45d-3c3f46b 4599->4607 4609 3c3f327 4600->4609 4611 3c3f343-3c3f355 4601->4611 4606->4598 4607->4603 4607->4606 4617 3c3f495 call 3c53a4f 4609->4617 4618 3c3f32d-3c3f336 4609->4618 4619 3c3f357-3c3f367 call 3c68d70 4611->4619 4620 3c3f36e 4611->4620 4614->4615 4622 3c3f215-3c3f218 4614->4622 4623 3c3f241-3c3f246 4615->4623 4624 3c3f307-3c3f30c 4615->4624 4617->4603 4618->4601 4618->4609 4619->4620 4635 3c3f369-3c3f36c 4619->4635 4628 3c3f371-3c3f37c 4620->4628 4622->4591 4622->4615 4625 3c3f250-3c3f261 4623->4625 4624->4587 4624->4591 4629 3c3f263-3c3f273 call 3c68d70 4625->4629 4630 3c3f279 4625->4630 4628->4611 4632 3c3f37e-3c3f3bf 4628->4632 4629->4630 4644 3c3f275-3c3f277 4629->4644 4634 3c3f27c-3c3f287 4630->4634 4632->4586 4636 3c3f3c1-3c3f3d0 4632->4636 4634->4625 4640 3c3f289-3c3f2be 4634->4640 4635->4628 4637 3c3f3d2-3c3f3dd 4636->4637 4638 3c3f3eb-3c3f3f8 call 3c3f000 4636->4638 4641 3c3f3e1-3c3f3e9 4637->4641 4642 3c3f3df 4637->4642 4646 3c3f3fd-3c3f401 4638->4646 4645 3c3f2c0-3c3f2cf 4640->4645 4641->4646 4642->4641 4644->4634 4647 3c3f2d1-3c3f2dc 4645->4647 4648 3c3f2ea-3c3f2f7 call 3c3f000 4645->4648 4646->4586 4646->4636 4649 3c3f2e0-3c3f2e8 4647->4649 4650 3c3f2de 4647->4650 4652 3c3f2fc-3c3f300 4648->4652 4649->4652 4650->4649 4652->4645 4653 3c3f302-3c3f305 4652->4653 4653->4624
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 03C3F12E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                                                                                                  • Opcode ID: a1eee66559846354491667a01848fb1dc2b86d109734f9b1eeadbe7800257548
                                                                                                                                                                                                                                                  • Instruction ID: 44d1b2a6a3fafcbf9a32e83c23f58f58142129cc226237fa5cd65e06d50590c0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1eee66559846354491667a01848fb1dc2b86d109734f9b1eeadbe7800257548
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3E12075E042489FDB15CF68C8807EEFBB2AF5A300F184A6DE855DB342C7359A46CB60
                                                                                                                                                                                                                                                  Function 03C4EA00 Relevance: 1.8, APIs: 1, Instructions: 250COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 4744 3c4ea00-3c4ea95 4745 3c4ea98-3c4ea9d 4744->4745 4745->4745 4746 3c4ea9f-3c4eb08 call 3c3b940 4745->4746 4750 3c4eb0f-3c4eb76 call 3c3bfd0 4746->4750 4751 3c4eb0a call 3c3d2a0 4746->4751 4754 3c4eb78 4750->4754 4755 3c4eb7a-3c4eb93 FindFirstFileA 4750->4755 4751->4750 4754->4755 4756 3c4ebc4-3c4ebec 4755->4756 4757 3c4eb95-3c4eba4 4755->4757 4760 3c4ec1d-3c4ec45 4756->4760 4761 3c4ebee-3c4ebfd 4756->4761 4758 3c4eba6-3c4ebb4 4757->4758 4759 3c4ebba-3c4ebc1 call 3c538f3 4757->4759 4758->4759 4762 3c4efc2-3c4efc7 call 3c56b42 4758->4762 4759->4756 4766 3c4ec76-3c4ec94 4760->4766 4767 3c4ec47-3c4ec56 4760->4767 4764 3c4ec13-3c4ec1a call 3c538f3 4761->4764 4765 3c4ebff-3c4ec0d 4761->4765 4764->4760 4765->4762 4765->4764 4768 3c4ec96-3c4eca7 4766->4768 4769 3c4ecb0-3c4ecb7 4766->4769 4773 3c4ec6c-3c4ec73 call 3c538f3 4767->4773 4774 3c4ec58-3c4ec66 4767->4774 4776 3c4ef88-3c4efc1 call 3c3b780 call 3c5354f 4768->4776 4777 3c4ef61-3c4ef71 4769->4777 4778 3c4ecbd-3c4eceb 4769->4778 4773->4766 4774->4762 4774->4773 4777->4769 4787 3c4ef77-3c4ef85 4777->4787 4783 3c4ecf0-3c4ecf5 4778->4783 4783->4783 4786 3c4ecf7-3c4ed3e call 3c3b940 4783->4786 4792 3c4ed40-3c4ed45 4786->4792 4787->4776 4792->4792 4793 3c4ed47-3c4ef34 call 3c3b940 call 3c3d2a0 call 3c3d800 call 3c3cdc0 4792->4793 4793->4777 4808 3c4ef36-3c4ef45 4793->4808 4809 3c4ef57-3c4ef5e call 3c538f3 4808->4809 4810 3c4ef47-3c4ef55 4808->4810 4809->4777 4810->4762 4810->4809
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8b2f9a5a6f5a3aefc977b7d42305a04c1452c84ec5d3fc74857f584154d6e2d9
                                                                                                                                                                                                                                                  • Instruction ID: 44e6ec807f05667bf5b00847063741d950c96fe9cc85c636bd7d002fb4db9110
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b2f9a5a6f5a3aefc977b7d42305a04c1452c84ec5d3fc74857f584154d6e2d9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50B16B709042599FEB25CF28CD58BEEFBB1AF46304F1581D8D408AB281D7B65B88CF91
                                                                                                                                                                                                                                                  Function 03C4EAC7 Relevance: 1.6, APIs: 1, Instructions: 134fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNELBASE(?,00000000,?,?), ref: 03C4EB83
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                                                                                                                                  • Opcode ID: d0567fa6a1d7a0b4ab3b12b0178e541775b029c502412a2e2cf6cd7a8f947dfd
                                                                                                                                                                                                                                                  • Instruction ID: 9ad9d51c7d0da813c0143fc65d307a19bbf30d0ae6c7223bcc2a0639db4428ab
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0567fa6a1d7a0b4ab3b12b0178e541775b029c502412a2e2cf6cd7a8f947dfd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC517871A042588FEB28CF28CC547EEFB72AB46304F1182D9D459EB291D7759AC48F91
                                                                                                                                                                                                                                                  Function 03C4E081 Relevance: 1.6, APIs: 1, Instructions: 98fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNELBASE(?,?,?,00000002,00000000,03C736F0,00000002,?,?,03C78008,00000000,00000000), ref: 03C4E116
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                                                                                                                                  • Opcode ID: 150e76fca53ba1dfa3f65f585291c0065ba539ac0433f12e0fa093ba35902c9e
                                                                                                                                                                                                                                                  • Instruction ID: ea3efae0b7669cc0d8563ca958560eb70243f26162f943a6c59c4ccbc2109143
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 150e76fca53ba1dfa3f65f585291c0065ba539ac0433f12e0fa093ba35902c9e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E417B709002598BEB19CF28C984BEEF7B1BF49304F1182D9D819EB391DB759AC48F90
                                                                                                                                                                                                                                                  Function 03C4E720 Relevance: 1.6, APIs: 1, Instructions: 81encryptionCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CryptUnprotectData.CRYPT32(?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 03C4E7E4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 834300711-0
                                                                                                                                                                                                                                                  • Opcode ID: 277d1ff616366911085e78e2c62256f11c6a5d8feb7a74ef7bb07c32696931fc
                                                                                                                                                                                                                                                  • Instruction ID: 4e149ab8712e53d88282dcd6a1c58ecc6e8cd51906de3c7ac721a547f2c6f48d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 277d1ff616366911085e78e2c62256f11c6a5d8feb7a74ef7bb07c32696931fc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01215071A002099FDB14DF68C941BAEBBB9FF44710F50462EE815DB680E775DA44CB90
                                                                                                                                                                                                                                                  Function 03C4ACD0 Relevance: 4.7, APIs: 3, Instructions: 245fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 1850 3c4acd0-3c4ad39 call 3c68b90 CreateFileA 1854 3c4add5-3c4adf3 CreateFileA 1850->1854 1855 3c4ad3f-3c4ad59 call 3c56b93 1850->1855 1856 3c4adf5-3c4adf7 1854->1856 1857 3c4adfc-3c4af50 call 3c3e9f0 call 3c3ed10 call 3c54de0 1854->1857 1855->1856 1871 3c4ad5f-3c4ad86 CloseHandle 1855->1871 1859 3c4b14a-3c4b150 1856->1859 1895 3c4af56-3c4af7c 1857->1895 1896 3c4b10c-3c4b115 1857->1896 1860 3c4b152-3c4b15e 1859->1860 1861 3c4b17a-3c4b197 call 3c5354f 1859->1861 1864 3c4b170-3c4b177 call 3c538f3 1860->1864 1865 3c4b160-3c4b16e 1860->1865 1864->1861 1865->1864 1869 3c4b19f-3c4b1a4 call 3c56b42 1865->1869 1880 3c4adc2-3c4adc8 call 3c5696b 1871->1880 1881 3c4ad88 1871->1881 1886 3c4adcd-3c4add0 1880->1886 1884 3c4ad90-3c4ada5 1881->1884 1887 3c4ada7-3c4adac 1884->1887 1888 3c4adae-3c4adb8 call 3c4d5f0 1884->1888 1889 3c4b148 1886->1889 1890 3c4adbd-3c4adc0 1887->1890 1888->1890 1889->1859 1890->1880 1890->1884 1895->1896 1896->1889 1897 3c4b117-3c4b12c 1896->1897 1899 3c4b13e-3c4b145 call 3c538f3 1897->1899 1900 3c4b12e-3c4b13c 1897->1900 1899->1889 1900->1899 1902 3c4b19a call 3c56b42 1900->1902 1902->1869
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateFileA.KERNELBASE(?,80000000,00000007,00000000,?,00000003,00000080,00000000,03C78008,?,?,?,00000000,03C6AE63,000000FF), ref: 03C4AD30
                                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE ref: 03C4AD7D
                                                                                                                                                                                                                                                  • CreateFileA.KERNELBASE(?,00000000,00000000,00000000,00000003,00000080,00000000,?,00000003,00000080,00000000,03C78008,?,?,?,00000000), ref: 03C4ADEE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFile$CloseHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1443461169-0
                                                                                                                                                                                                                                                  • Opcode ID: 6ba03d4d2d4932317bc5a8272940d31f5aa6db8cbe115a7b435b61e20b34fd75
                                                                                                                                                                                                                                                  • Instruction ID: d788315636a127970c73dc7f41a69a23ab61dc4b7b538f8018a23490e7349b6b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ba03d4d2d4932317bc5a8272940d31f5aa6db8cbe115a7b435b61e20b34fd75
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79919C75A80318AFEB21DF64CC85FDEB7B8EF04700F544299E50AEA180DB75AA84DF54
                                                                                                                                                                                                                                                  Function 03C4DB90 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 3522 3c4db90-3c4dba7 3523 3c4dce5 call 3c3d550 3522->3523 3524 3c4dbad-3c4dbe9 3522->3524 3528 3c4dcea-3c4dcef call 3c56b42 3523->3528 3526 3c4dbf5-3c4dbfa 3524->3526 3527 3c4dbeb-3c4dbf3 3524->3527 3530 3c4dc00-3c4dc05 3526->3530 3531 3c4dbfc-3c4dbfe 3526->3531 3529 3c4dc21-3c4dc2c call 3c5355d 3527->3529 3529->3528 3541 3c4dc32-3c4dc3b 3529->3541 3533 3c4dc0b-3c4dc14 3530->3533 3534 3c4dce0 call 3c310f0 3530->3534 3531->3533 3539 3c4dc16-3c4dc1b 3533->3539 3540 3c4dc3d-3c4dc3f 3533->3540 3534->3523 3539->3529 3539->3534 3542 3c4dc41-3c4dc42 call 3c5355d 3540->3542 3543 3c4dc4e 3540->3543 3544 3c4dc50-3c4dc79 call 3c4d880 call 3c4d510 3541->3544 3546 3c4dc47-3c4dc4c 3542->3546 3543->3544 3551 3c4dcc6-3c4dcdd 3544->3551 3552 3c4dc7b-3c4dca8 call 3c45c80 3544->3552 3546->3544 3555 3c4dcbc-3c4dcc3 call 3c538f3 3552->3555 3556 3c4dcaa-3c4dcb8 3552->3556 3555->3551 3556->3528 3557 3c4dcba 3556->3557 3557->3555
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 03C4DCE0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                  • String ID: w*RQaY
                                                                                                                                                                                                                                                  • API String ID: 118556049-631715799
                                                                                                                                                                                                                                                  • Opcode ID: b7dec95c27e149bf583df86e3a4986f14eefd0df857efdaeb644977cf3c92e03
                                                                                                                                                                                                                                                  • Instruction ID: 50540242e10c5031696ee3bde2e6bb66f673f00768c59efd55eac3f844cbe640
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7dec95c27e149bf583df86e3a4986f14eefd0df857efdaeb644977cf3c92e03
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8241F672B001449FCB0CEF6CCE99969BBAAAB85240759C269E807CF385D670F940D791
                                                                                                                                                                                                                                                  Function 03C53180 Relevance: 3.1, APIs: 2, Instructions: 91fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 4193 3c53180-3c5323a call 3c5355d call 3c54de0 CreateFileMappingW 4198 3c5323c-3c53256 MapViewOfFile 4193->4198 4199 3c53268-3c5328b call 3c532d0 4193->4199 4200 3c5328c-3c532ca call 3c5355d 4198->4200 4201 3c53258-3c53267 4198->4201 4201->4199
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateFileMappingW.KERNELBASE(00000000,000000FF,00000000,00000004,00000000,06400000,00000000,03C6B347,000000FF), ref: 03C53230
                                                                                                                                                                                                                                                  • MapViewOfFile.KERNELBASE(00000000,00000000,000F001F,00000000,00000000,06400000), ref: 03C5324C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$CreateMappingView
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3452162329-0
                                                                                                                                                                                                                                                  • Opcode ID: 7e99153ebf3a179cd37f1a03c469b4d3f1b6b918ac488bea7002d5ae310b6263
                                                                                                                                                                                                                                                  • Instruction ID: 0d03864f59795ddc49ecce1be73244cfd6aaee73887dc53ad908b6aadbccfb0a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e99153ebf3a179cd37f1a03c469b4d3f1b6b918ac488bea7002d5ae310b6263
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B31AFB0548B40AFE331DF24DC15B17BBE4EB05B14F104B5DE9959FAC1D7BAA4048B88
                                                                                                                                                                                                                                                  Function 03C4E218 Relevance: 1.8, APIs: 1, Instructions: 294fileCOMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 4654 3c4e218-3c4e21b 4655 3c4e221-3c4e283 call 3c3b940 4654->4655 4656 3c4e418-3c4e41f 4654->4656 4664 3c4e286-3c4e28b 4655->4664 4657 3c4e425-3c4e48b call 3c3b940 4656->4657 4658 3c4e6ac 4656->4658 4667 3c4e490-3c4e495 4657->4667 4662 3c4e6b2-3c4e6c2 FindNextFileA 4658->4662 4665 3c4e6c4-3c4e6ca 4662->4665 4666 3c4e6cf-3c4e719 call 3c3b780 call 3c5354f 4662->4666 4664->4664 4669 3c4e28d-3c4e2b3 call 3c3b940 4664->4669 4665->4662 4674 3c4e1fd-3c4e203 4665->4674 4691 3c4e71a-3c4e71f call 3c56b42 4666->4691 4667->4667 4672 3c4e497-3c4e4bd call 3c3b940 4667->4672 4682 3c4e2b5-3c4e2da 4669->4682 4683 3c4e2dc-3c4e2f8 call 3c3d2a0 4669->4683 4685 3c4e4e6-3c4e500 4672->4685 4686 3c4e4bf-3c4e4e4 4672->4686 4675 3c4e206-3c4e20b 4674->4675 4675->4675 4679 3c4e20d-3c4e212 4675->4679 4679->4654 4679->4656 4687 3c4e2fd-3c4e352 call 3c3d800 4682->4687 4683->4687 4689 3c4e507-3c4e55c call 3c3d800 4685->4689 4690 3c4e502 call 3c3d2a0 4685->4690 4686->4689 4696 3c4e354-3c4e381 4687->4696 4697 3c4e383-3c4e393 call 3c3cdc0 4687->4697 4702 3c4e58d-3c4e59d call 3c3cdc0 4689->4702 4703 3c4e55e-3c4e58b 4689->4703 4690->4689 4700 3c4e399-3c4e3a0 4696->4700 4697->4700 4705 3c4e3d1-3c4e3de 4700->4705 4706 3c4e3a2-3c4e3b1 4700->4706 4708 3c4e5a3-3c4e5aa 4702->4708 4703->4708 4712 3c4e3e0-3c4e3ef 4705->4712 4713 3c4e40f-3c4e413 4705->4713 4709 3c4e3c7-3c4e3ce call 3c538f3 4706->4709 4710 3c4e3b3-3c4e3c1 4706->4710 4714 3c4e5ac-3c4e5bb 4708->4714 4715 3c4e5db-3c4e5e8 4708->4715 4709->4705 4710->4691 4710->4709 4722 3c4e405-3c4e40c call 3c538f3 4712->4722 4723 3c4e3f1-3c4e3ff 4712->4723 4718 3c4e61d-3c4e626 4713->4718 4716 3c4e5d1-3c4e5d8 call 3c538f3 4714->4716 4717 3c4e5bd-3c4e5cb 4714->4717 4719 3c4e619 4715->4719 4720 3c4e5ea-3c4e5f9 4715->4720 4716->4715 4717->4691 4717->4716 4728 3c4e657-3c4e67f 4718->4728 4729 3c4e628-3c4e637 4718->4729 4719->4718 4725 3c4e60f-3c4e616 call 3c538f3 4720->4725 4726 3c4e5fb-3c4e609 4720->4726 4722->4713 4723->4691 4723->4722 4725->4719 4726->4691 4726->4725 4728->4658 4731 3c4e681-3c4e690 4728->4731 4734 3c4e64d-3c4e654 call 3c538f3 4729->4734 4735 3c4e639-3c4e647 4729->4735 4737 3c4e6a2-3c4e6a9 call 3c538f3 4731->4737 4738 3c4e692-3c4e6a0 4731->4738 4734->4728 4735->4691 4735->4734 4737->4658 4738->4691 4738->4737
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindNextFileA.KERNELBASE(00000010,00000000,00000010,?,?,?,00000002,00000000,03C736F0,00000002,?,?,03C78008,00000000,00000000), ref: 03C4E6BB
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileFindNext
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2029273394-0
                                                                                                                                                                                                                                                  • Opcode ID: 31a72ba10df5d71d0dad24b850810e809a9534558216549764a20f2e5005486c
                                                                                                                                                                                                                                                  • Instruction ID: 9dc1852f801a7d3614ae424aafb4fae7d7ba58fe0619c49794f8e654ac8b478a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31a72ba10df5d71d0dad24b850810e809a9534558216549764a20f2e5005486c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41D17E719042588AEB29CB28CD94BEDFB71BF46304F1582D8D449EB291DB769BC4CF90
                                                                                                                                                                                                                                                  Function 03C4D5F0 Relevance: 1.7, APIs: 1, Instructions: 228COMMON
                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 4813 3c4d5f0-3c4d612 4814 3c4d725 call 3c3d550 4813->4814 4815 3c4d618-3c4d630 4813->4815 4820 3c4d72a-3c4d796 call 3c310f0 4814->4820 4816 3c4d632-3c4d637 4815->4816 4817 3c4d658-3c4d668 4815->4817 4819 3c4d63c-3c4d63d call 3c5355d 4816->4819 4821 3c4d677-3c4d679 4817->4821 4822 3c4d66a-3c4d66f 4817->4822 4828 3c4d642-3c4d647 4819->4828 4839 3c4d870-3c4d875 call 3c3d550 4820->4839 4840 3c4d79c-3c4d7c2 4820->4840 4826 3c4d688 4821->4826 4827 3c4d67b-3c4d686 call 3c5355d 4821->4827 4822->4820 4825 3c4d675 4822->4825 4825->4819 4831 3c4d68a-3c4d6a3 4826->4831 4827->4831 4832 3c4d720 call 3c56b42 4828->4832 4833 3c4d64d-3c4d656 4828->4833 4836 3c4d6b4-3c4d6d2 call 3c563a0 * 2 4831->4836 4837 3c4d6a5-3c4d6b2 call 3c563a0 4831->4837 4832->4814 4833->4831 4848 3c4d6d5-3c4d6d9 4836->4848 4837->4848 4846 3c4d7c4-3c4d7c9 4840->4846 4847 3c4d7cb-3c4d7d0 4840->4847 4851 3c4d7d3-3c4d810 call 3c3be00 call 3c3b690 4846->4851 4847->4851 4853 3c4d704-3c4d71d 4848->4853 4854 3c4d6db-3c4d6e6 4848->4854 4864 3c4d825-3c4d84f call 3c3e590 call 3c3d560 4851->4864 4865 3c4d812-3c4d822 call 3c3e590 4851->4865 4856 3c4d6e8-3c4d6f6 4854->4856 4857 3c4d6fa-3c4d701 call 3c538f3 4854->4857 4856->4832 4859 3c4d6f8 4856->4859 4857->4853 4859->4857 4865->4864
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 03C4D72A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                                                                                                  • Opcode ID: f34aca5002c6e88e442b762a7e1101cac4d3c0f6f04a39ccf9d8e9a8c3ec67a3
                                                                                                                                                                                                                                                  • Instruction ID: 52911c444e9e62a60bfd8a76c589c125ebf5cf92f31562d8f4a5a8ce4e23565f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f34aca5002c6e88e442b762a7e1101cac4d3c0f6f04a39ccf9d8e9a8c3ec67a3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E71DA76B001059FCB08EF6CC9849AEB7F5EF85350B198269E81ADF355DA30EE01CB90
                                                                                                                                                                                                                                                  Function 03C3B990 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 03C3BA73
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                                                                                                  • Opcode ID: 433e04428372a849a8a8839912fcaf2410e3dc0e8fee66dbe17a6c3207ae55eb
                                                                                                                                                                                                                                                  • Instruction ID: a7344c18d540d26dadbf84c1f880a15ad1176e1b7e423a14554f803fdff0196a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 433e04428372a849a8a8839912fcaf2410e3dc0e8fee66dbe17a6c3207ae55eb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B214971B007008BC718EFB8888566DFAE5EF46320B68033EE866CF391DB30DE809201
                                                                                                                                                                                                                                                  Function 03C3B690 Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 03C3B74A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                                                                                                  • Opcode ID: 4099ec9f81d87142d94505cea065204f14c80925e63706f6a449f77ab4fb807e
                                                                                                                                                                                                                                                  • Instruction ID: 41064e89ca9844cfbf11786e2996149d4f00012e157f53e2e8530b8955c33358
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4099ec9f81d87142d94505cea065204f14c80925e63706f6a449f77ab4fb807e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5521A1B16007019FD724DF28D980666F7E8EF56390B54062EE84ACF341EB71EE9487A0
                                                                                                                                                                                                                                                  Function 03C60982 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetFileType.KERNELBASE(?,00000000,?,000000F6), ref: 03C609E1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileType
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3081899298-0
                                                                                                                                                                                                                                                  • Opcode ID: f06082d38b1de98c3d75b5a29d7418b8fcbd34fcb6a466932b4afa4deaeab775
                                                                                                                                                                                                                                                  • Instruction ID: 3a2d9208158466e70f32aa94765fdd0884e4603652be89db1c7062894887f3d0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f06082d38b1de98c3d75b5a29d7418b8fcbd34fcb6a466932b4afa4deaeab775
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D511066151C77249E730C93E8CD8636EA8A9B52174B2C071AE0B6EA1F2C260DA86C245
                                                                                                                                                                                                                                                  Function 03C5355D Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 03C3112E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2659868963-0
                                                                                                                                                                                                                                                  • Opcode ID: a7bf56833db2b87c07026cdbd390aec634223d4aa1c734dee3ae571bcde46554
                                                                                                                                                                                                                                                  • Instruction ID: 7d7766fe5c2716cf66af28534387e9be8fac66ec470e4b6c833fabd98921a23f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7bf56833db2b87c07026cdbd390aec634223d4aa1c734dee3ae571bcde46554
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6201047980030C6BCB14FEEAD848A89B7AC9A012A0B408531FD15DA550FB70F6D486D8
                                                                                                                                                                                                                                                  Function 03C5EC87 Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000008,?,00000000,?,03C5F1FE,00000001,00000364,03C78044,000000FF,?,?,03C54705,?), ref: 03C5ECC9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                  • Opcode ID: a75f76817f2b06ced5b51cfd20d5ae48e005c4118b16936a06fc2c653bba5e12
                                                                                                                                                                                                                                                  • Instruction ID: edcca0d5dda13fc5f0a4b1aa5736f0d7e50fc2c2c598024d5069f143258298a5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a75f76817f2b06ced5b51cfd20d5ae48e005c4118b16936a06fc2c653bba5e12
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DF0B43660577466DB21EA724D04ADBB75CAF806A0B198061FC14DE584CA30FB8082E9
                                                                                                                                                                                                                                                  Function 03C4CE80 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CharLowerA.USER32(00000000,00000000,?,?,?,?,?,?,03C78008,?,00000000), ref: 03C4CE9F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CharLower
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1615517891-0
                                                                                                                                                                                                                                                  • Opcode ID: de04635472cdda6a0c52091d6bafac163c4dae0cb4abf2bac9eb599b33cb0552
                                                                                                                                                                                                                                                  • Instruction ID: 268a9fed58e712e5e3a2bd62f504567a1d462a397d31a557233c01eb33d3a9f8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de04635472cdda6a0c52091d6bafac163c4dae0cb4abf2bac9eb599b33cb0552
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F0307A805714BBDF10DFA58C40C5B762DEE452247458168FD14DB251D771EE4097B4

                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                  Function 0403A1D1 Relevance: 7.8, Strings: 6, Instructions: 321COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3766542992.0000000003F9A000.00000040.00001000.00020000.00000000.sdmp, Offset: 03F9A000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3f9a000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: "$+$L$f$g$i
                                                                                                                                                                                                                                                  • API String ID: 0-552817620
                                                                                                                                                                                                                                                  • Opcode ID: d3dd992277938e17cf854a6fffcb1b6e20b58e844d122faeef97b4918e8fb06d
                                                                                                                                                                                                                                                  • Instruction ID: a813def9d86ce28a9cc0ee1af41c12901433e1494f2059bd09fd0c09462a721c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3dd992277938e17cf854a6fffcb1b6e20b58e844d122faeef97b4918e8fb06d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01A18B7101CB158BD718EF2CE8849ABB3E5FBC5325F249A3EC0D6C7081E7365506CA86
                                                                                                                                                                                                                                                  Function 03C36CC0 Relevance: 1.7, Strings: 1, Instructions: 412COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: .
                                                                                                                                                                                                                                                  • API String ID: 0-248832578
                                                                                                                                                                                                                                                  • Opcode ID: 852644225aa7b9c01a5699a837de899a8025b357f5c0bc1be013df4d93df1458
                                                                                                                                                                                                                                                  • Instruction ID: 4dac43c7628379f8e2eac85ec8444fa10a73a44bc9b721980e662bbffd13dcc6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 852644225aa7b9c01a5699a837de899a8025b357f5c0bc1be013df4d93df1458
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8F17DB1D002599FEB15DF68CC84BDEFBB5AF46304F144299E418FB281DB769A848F90
                                                                                                                                                                                                                                                  Function 03C53DE8 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4c3c8970a28c0b76877a3564a58757a91daff14ac9d9956ddbef45ab5e52956c
                                                                                                                                                                                                                                                  • Instruction ID: 63b36f159cdfe67bbb88e6982b4b0330892cf6669a6669a780e7d5208a45ddaa
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c3c8970a28c0b76877a3564a58757a91daff14ac9d9956ddbef45ab5e52956c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E5191B5D013058BEB15CF58D89A7AEB7F0FB48350F248569E951EB384D3B49E80CB54
                                                                                                                                                                                                                                                  Function 03C60FFB Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2d151cae164fd76349c0830f209586e387c5634c4317cb3f1a082beb71b409cd
                                                                                                                                                                                                                                                  • Instruction ID: f4519eb3c94fb712bfe98758b280015c4c5c55045e680aab80db7a248eb06ec7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d151cae164fd76349c0830f209586e387c5634c4317cb3f1a082beb71b409cd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29E08C32915278EBCB14DB99C984D8AF3ECFB45A01B1A0096F505E3200C270DE00D7D0
                                                                                                                                                                                                                                                  Function 03C5D8AD Relevance: .0, Instructions: 21COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ef698c820c0f553a28f231f6e9f730096f9c66af1325729657a397902d0fa9c1
                                                                                                                                                                                                                                                  • Instruction ID: 976948168392d9370a395484ab27b2241e7875ade06dffa699f9c950d00bc3f7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef698c820c0f553a28f231f6e9f730096f9c66af1325729657a397902d0fa9c1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10E0B63A460748AFCB15FF15C848E5C3B69EF54240B064829FC09DE631DA25EE82EB94
                                                                                                                                                                                                                                                  Function 03C552D7 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 03C553D4
                                                                                                                                                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 03C553F6
                                                                                                                                                                                                                                                  • ___TypeMatch.LIBVCRUNTIME ref: 03C55505
                                                                                                                                                                                                                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 03C555D7
                                                                                                                                                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 03C55676
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                                  • API String ID: 4162181273-393685449
                                                                                                                                                                                                                                                  • Opcode ID: 8b0a7c465b7ed9772daa2c46d13ebcc2ff92399eb92fc03b028a43cbb92ab17a
                                                                                                                                                                                                                                                  • Instruction ID: 72dac378d76cfedba8f13c236307be2689070e8986db79ab8d8fa92e45f7ddeb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b0a7c465b7ed9772daa2c46d13ebcc2ff92399eb92fc03b028a43cbb92ab17a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EB16575800209EFCF19DFA5C8809AEB7B9AF06311F094599FC16EF211D730DA91DB99
                                                                                                                                                                                                                                                  Function 040126CD Relevance: 6.3, Strings: 5, Instructions: 96COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3766542992.0000000003F9A000.00000040.00001000.00020000.00000000.sdmp, Offset: 03F9A000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3f9a000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: !$A$O$a$j
                                                                                                                                                                                                                                                  • API String ID: 0-2425874441
                                                                                                                                                                                                                                                  • Opcode ID: b2f4e99ceb2ca8ddcf6f68dcae77b754acd22bf3ffefa4ac3cc517a43dfe848a
                                                                                                                                                                                                                                                  • Instruction ID: b979c7f5502d78f638fd14df79e439aec03c8d10713638326fd1de3602224cda
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2f4e99ceb2ca8ddcf6f68dcae77b754acd22bf3ffefa4ac3cc517a43dfe848a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A313572218B829BC328EF2CD84556EBBE2BFD5324F148A6CE1DAC32C4D735A455CB45
                                                                                                                                                                                                                                                  Function 03C5FE30 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _strrchr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3213747228-0
                                                                                                                                                                                                                                                  • Opcode ID: 273cbd14e9589fe85d767b9dff6906a4fa724932badb359ccbd8390ed212092e
                                                                                                                                                                                                                                                  • Instruction ID: 1eac2f6a0013a48a51df1bfddbf2a992d260d0c0842dc18925292a3653397972
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 273cbd14e9589fe85d767b9dff6906a4fa724932badb359ccbd8390ed212092e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AB14832908695DFDB19CF28C8C07AEFBF5EF45340F1981AAE845EF241D6758A42CB64
                                                                                                                                                                                                                                                  Function 03C55080 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                                                                                                  • Opcode ID: 8e06d5a59369c51b2c3c5aecf6f2072a512a7d39488a6472bb390ffa109cb434
                                                                                                                                                                                                                                                  • Instruction ID: 4d7f1b4c6471209e768ae92fe37dd41f0a5a7f9e27c9d92fe2ce903f948f17ec
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e06d5a59369c51b2c3c5aecf6f2072a512a7d39488a6472bb390ffa109cb434
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0951C276A01302AFDB29DF55D840B6ABBA8EF42611F18452DFC13CF190D732AAC0D798
                                                                                                                                                                                                                                                  Function 03C659F1 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 321COMMONLIBRARYCODE
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __fassign
                                                                                                                                                                                                                                                  • String ID: E
                                                                                                                                                                                                                                                  • API String ID: 3965848254-3568589458
                                                                                                                                                                                                                                                  • Opcode ID: 28931cf7e6d82599ec0b02f54f225a8a1fdf8489c87c4a7a0b0373b83b2c64c0
                                                                                                                                                                                                                                                  • Instruction ID: 5532e85674e48c61fe1d5c3e2fccaf28efee2e862ff66fdb626a2e2b36bdcbea
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28931cf7e6d82599ec0b02f54f225a8a1fdf8489c87c4a7a0b0373b83b2c64c0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DED14A75D002989FCF15CFA8C9C0AEDBBB5BF4A314F28415AE855FB242D731AA46CB50
                                                                                                                                                                                                                                                  Function 03C54C40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 03C54C7F
                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 03C54D33
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.3763704681.0000000003C31000.00000020.00001000.00020000.00000000.sdmp, Offset: 03C31000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_3c31000_RegAsm.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 3480331319-1018135373
                                                                                                                                                                                                                                                  • Opcode ID: 926817a94e2b0a12c116d62094a1aae023cf61a33bf77081698e208126a510fe
                                                                                                                                                                                                                                                  • Instruction ID: 3b94c3328fe20bd27208f114de57ff2cf58f6b13f828acb73e8925681f78de4d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 926817a94e2b0a12c116d62094a1aae023cf61a33bf77081698e208126a510fe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18419E34A002089BCF14EF6AC884A9EBBB5AF85314F158195FC19DF351D731AAD5CB98