IP · Medium · Signal 60/100
64.190.63.222
Location
Cologne, North Rhine-Westphalia
ASN
AS47846
SEDO
First Seen
Dec 19, 2023
Last Seen
May 31, 2026
Found in 18 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region: Cologne, North Rhine-Westphalia
ASN: AS47846
Organization: SEDO
IP Category
VPN
VPN exit node
Feed Intelligence Summary
18 reports · 60% confidence
18
Source reports
60%
Confidence score
Category tags
Activity Timeline
May 31
Threat Activity Heatmap
Peak: 2026-05-31
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
60
SIGNAL
Signal Score
60%
Confidence
18
Reports
First seen: Dec 19, 2023
Last seen: May 31, 2026
Geolocation: DE
Country: Germany
Location: Cologne, North Rhine-Westphalia
ASN: AS47846
Org: SEDO
Coords: 50.9488, 6.9443
VPN
VirusTotal
Not checked
WHOIS
- description
- CC=DE ASN=AS47846 SEDO GmbH
- raw
- inetnum: 64.190.62.0 - 64.190.63.255 netname: SEDO-NET2 country: DE org: ORG-SA551-RIPE admin-c: OD12023-RIPE admin-c: IXCW-RIPE tech-c: IXCW-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-by: IX1-MNT mnt-routes: IX1-MNT mnt-domains: IX1-MNT created: 2020-10-21T11:07:24Z last-modified: 2023-01-24T09:53:13Z source: RIPE sponsoring-org: ORG-IG16-RIPE organisation: ORG-SA551-RIPE org-name: SEDO GmbH country: DE remarks: SEDO-ORG org-type: OTHER address: Sedo GmbH address: Im Mediapark 6 address: 50670 Koeln abuse-c: IX26-RIPE mnt-ref: IX1-MNT mnt-by: IX1-MNT created: 2007-10-08T16:10:11Z last-modified: 2022-12-01T16:46:16Z source: RIPE # Filtered role: InterNetX Network Crew address: InterNetX GmbH address: Johanna-Dachs-Str. 55 address: D-93055 Regensburg phone: +49 941 59559 0 fax-no: +49 941 59579 051 nic-hdl: IXCW-RIPE admin-c: MS4404-RIPE admin-c: CS5299-RIPE tech-c: MS4404-RIPE tech-c: CS5299-RIPE abuse-mailbox: [email protected] remarks: ------------------------------------------------------------- remarks: For the right handling of Abuse/Spam and Illegal Activity remarks: issues, please use ONLY the abuse-mailbox E-Mail: remarks: [email protected] remarks: Abuse/Spam reports to other email addresses will be ignored. 
remarks: ------------------------------------------------------------- mnt-by: IX1-MNT created: 2006-12-06T15:39:30Z last-modified: 2024-12-16T13:34:03Z source: RIPE # Filtered person: Ochotzki Dirk address: SEDO GmbH address: Im Mediapark 6 address: 50670 Koeln address: Deutschland phone: +49 221 340 30-0 fax-no: +49 221 340 30 5280 nic-hdl: OD12023-RIPE mnt-by: IX1-MNT created: 2023-01-24T09:49:27Z last-modified: 2023-01-24T09:49:27Z source: RIPE route: 64.190.62.0/23 descr: SEDO-NET2-PI origin: AS47846 remarks: ------------------------------------------------------------- remarks: For the right handling of Abuse/Spam issues, please use ONLY remarks: the abuse-mailbox E-Mail or these contact: remarks: [email protected] remarks: Abuse/Spam reports to other email addresses will be ignored. remarks: ------------------------------------------------------------- mnt-by: IX1-MNT created: 2020-10-22T06:53:26Z last-modified: 2024-12-16T13:02:20Z source: RIPE
- references
alesCreateAdvisingNotes.js, alesFolderCreateSchedule.js, deployWebServiceDescriptor.js, taskReportCSV-Appointment-prod.js, artsFileScanned.js, artsCreateFolderRule.js, artsCreateFolder.js, artsCreateFolderRestricted.js, augCreateFolderRestricted.js, augCreateFolder.js, businessCreateFolderRule.js, businessCreateFolder.js, businessCreateFolderSchedule.js, businessBulkShareFolder.js, businessFileShareFolder.js, businessCreateFolderRestricted.js, businessDaily.js, businessCreateAdvisingNotes.js, businessFileScanned.js, CAPSendMonthlyReportEmail.js, CAPGenerateMonthlyReport.js, CapFinalReportSubmit.js, chsCreateFolderRule.js, chsEmailOnUpdateComment.js, chsReport.js, EmailNotifCHSStudent.js, SetExpiryDate.js, chsCreateFolder.js, chsFacultyReport.js, chsAgreementCreateFolderRule.js, chsAgreementCreateFolder.js, scheduleJobTest.js, every52MinPastHour.js, every46MinPastHourBetween4PM12PM.js, every57MinPastHour.js, every47MinPastHourBetween4PM12PM.js, everyDay4H30MinAM.js, everyDay7H45MinAM.js, every10MinStartingAt5MinPastHour.js, every38MinPastHourBetween4PM12PM.js, every20MinStartingAt15MinPastHour.js, everyDay2H05MinAM.js, every2MinStartingAt1MinPastHour.js, everyDay1H05MinAM.js, everyDay12H30MinAM.js, everyDay7H30MinPM.js, every30MinStartingAt19MinPastHour.js, every30MinStartingAt11MinPastHour.js, everyDay2H35MinAM.js, every30MinStartingAt26MinPastHour.js, every16MinPastHour.js, everyDay1H45MinAM.js, everyDay2H45MinAM.js, every29MinPastHour.js, every22MinPastHour.js, everyDay11H30MinPM.js, educationCreateFolderRule.js, educationCreateFolder.js, educationCreateAdvisingNotes.js, enggCoopCreateFolderRestricted.js, enggCoopCreateFolderRule.js, enggCoopBulkUpload.js, enggCreateFolderRule.js, enggCreateFolderRestricted.js, enggCreateFolder.js, engineeringCreateAdvisingNotes.js, enggCoopCreateFolder.js, enggFileScanned.js, enggCoopFileScanned.js, extensionFileScanned.js, extensionCreateFolder.js, extensionCreateFolderRule.js, fgsrCreateGuidelineAPSProcessFromCSV.js, 
fgsrDocRestructure.js, fgsrMigrationScript.js, fgsrDocRelocation.js, fgsrCreateFolderFromCSV.js, guideline-reports.js, fgsrMigrationScript-withTerminationLogic.js, modfiyOrUpdatePropertyfromCSV.js, fgsr-case-file-report.js, fgsrCreateAPSProcessFromFolder.js, fgsrCreateFolder.js, fgsrCopyMetadataToFolderLevel.js, fgsrCreateAPSProcessFromCSV.js, foCreateFolder.js, foCreateFolderRule.js, Script1.js, Script2.js, scheduleRunEvery2-10PM.js, scheduleRunEvery5PMTo10PM.js, scheduleRunEvery30Minutes.js, scheduleRunEvery60Minutes.js, scheduleRunEveryday3PMto11PM.js, scheduleRunEveryday12AMto6AM.js, scheduleRunEvery20Minutes.js, scheduleRunEvery2AM.js, acsToApsUserUpdate.js, 2024-01-13-log.txt, 2024-01-15-log.txt, 2024-01-20-log.txt, 2024-01-21-log.txt, 2024-01-22-log.txt, 2024-01-23-log.txt, 2024-02-04-log.txt, 2024-02-05-log.txt, 2024-02-06-log.txt, 2024-02-07-log.txt, 2024-02-08-log.txt, 2024-01-14-log.txt, 2024-01-18-log.txt, 2024-01-11-log.txt, 2024-01-16-log.txt, 2024-01-19-log.txt, 2024-01-26-log.txt, 2024-01-28-log.txt, 2024-01-30-log.txt, 2024-01-12-log.txt, 2024-01-29-log.txt, 2024-01-27-log.txt, 2024-01-31-log.txt, 2024-01-24-log.txt, 2024-02-09-log.txt, 2024-02-02-log.txt, 2024-01-09-log.txt, 2024-02-03-log.txt, 2024-01-05-log.txt, 2024-01-06-log.txt, 2024-01-04-log.txt, 2024-02-01-log.txt, 2024-01-07-log.txt, 2024-01-08-log.txt, 2024-02-10-log.txt, 2024-02-11-log.txt, 2024-02-12-log.txt, 2024-02-13-log.txt, 2023-12-31-log.txt, 2024-02-15-log.txt, 2024-02-16-log.txt, 2024-02-14-log.txt, 2024-02-18-log.txt, 2024-02-20-log.txt, 2024-01-17-log.txt, 2024-02-19-log.txt, 2024-01-10-log.txt, 2024-02-23-log.txt, 2024-02-25-log.txt, 2024-02-21-log.txt, 2024-01-25-log.txt, 2024-02-28-log.txt, 2024-02-22-log.txt, 2024-02-29-log.txt, 2024-03-02-log.txt, 2024-03-03-log.txt, 2024-02-26-log.txt, 2024-03-04-log.txt, 2024-03-06-log.txt, 2024-03-07-log.txt, 2024-03-05-log.txt, 2024-03-08-log.txt, 2024-03-09-log.txt, 2024-03-11-log.txt, 2024-03-10-log.txt, 2024-03-12-log.txt, 
2024-03-13-log.txt, 2024-03-14-log.txt, 2024-03-15-log.txt, 2024-03-16-log.txt, 2024-03-17-log.txt, 2024-03-18-log.txt, 2024-03-20-log.txt, 2024-03-21-log.txt, 2024-03-22-log.txt, 2024-03-19-log.txt, 2024-03-23-log.txt, 2024-03-01-log.txt, 2024-03-26-log.txt, 2024-03-25-log.txt, 2024-03-28-log.txt, 2024-03-29-log.txt, 2024-03-27-log.txt, 2024-03-24-log.txt, 2024-03-30-log.txt, 2024-04-02-log.txt, 2024-04-03-log.txt, 2024-03-31-log.txt, 2024-04-05-log.txt, 2024-04-06-log.txt, 2024-04-07-log.txt, 2024-04-08-log.txt, 2024-04-09-log.txt, 2024-04-04-log.txt, 2024-04-11-log.txt, 2024-04-12-log.txt, 2024-04-13-log.txt, 2024-02-17-log.txt, 2024-04-01-log.txt, 2024-04-16-log.txt, 2024-04-15-log.txt, 2024-04-10-log.txt, 2024-04-17-log.txt, 2024-02-24-log.txt, 2024-04-14-log.txt, 2024-04-19-log.txt, 2024-04-21-log.txt, 2024-04-22-log.txt, 2024-04-23-log.txt, 2024-04-24-log.txt, 2024-04-26-log.txt, 2024-04-25-log.txt, 2024-04-29-log.txt, 2024-04-30-log.txt, 2024-05-01-log.txt, 2024-05-02-log.txt, 2024-05-03-log.txt, 2024-05-04-log.txt, 2024-05-05-log.txt, 2024-05-06-log.txt, 2024-04-28-log.txt, 2024-05-07-log.txt, 2024-04-18-log.txt, 2024-05-08-log.txt, 2024-05-09-log.txt, 2024-05-10-log.txt, 2024-05-12-log.txt, 2024-05-14-log.txt, 2024-05-11-log.txt, 2024-05-16-log.txt, 2024-04-27-log.txt, 2024-05-17-log.txt, 2024-05-15-log.txt, 2024-05-18-log.txt, 2024-05-20-log.txt, 2024-05-21-log.txt, 2024-05-19-log.txt, 2024-05-22-log.txt, 2024-05-23-log.txt, 2024-05-25-log.txt, 2024-05-24-log.txt, 2024-05-26-log.txt, 2024-05-27-log.txt, 2024-05-28-log.txt, 2024-05-29-log.txt, 2024-05-30-log.txt, 2024-06-02-log.txt, 2024-05-13-log.txt, 2024-06-01-log.txt, 2024-05-31-log.txt, 2024-04-20-log.txt, 2024-06-03-log.txt, 2024-06-04-log.txt, 2024-06-05-log.txt, 2023-12-30-log.txt, 2023-12-01-log.txt, 2024-02-27-log.txt, 2023-12-29-log.txt, gtaGraProcessToCSV.js, gtaGraProcessToCSV-2AM.js, hrs-benefit-report.js, westCanDocumentMove.js, hrsbsReviewCycleReport.js, hrsbsCreateFolderRule.js, 
HRSBS-SyncCCIDs.js, hrsbsCreateFolder.js, FVCA-data-import.js, FVCA-manual-property-update.js, istPerformanceReviewCreateFolder.js, lawCreateFolderRestricted.js, lawFileScanned.js, lawCreateFolder.js, lawCreateFolderRule.js, nativeStudiesCreateFolderRestricted.js, nsFolderCreateSchedule.js, nativeStudiesCreateFolder.js, nativeStudiesCreateFolderRule.js, ADV-notify-type-mapping.json, OOA-notify-email.js, ADV-notify-terms-types.js, pcm-grab-competitive-noderefs.js, pcm-update-competitive-noderefs.js, pcmCreateFolder.js, psUpdateAlfrescoDepartment.js, pllcCreateFolder.js, qaProcess.js, qaRelease.js, rmOOABackgroundInformationFiling.js, rmFilingDoc.js, rmSearchmatchNomatchFiling.js, rmFilingConfig.json, thesisDestructionReport.js, rmThesis.js, add_document_type_ro.js, updateSearchMatchStatus.js, searchmatchFullDob.js, createROReconciliationReports.js, eTranscriptInstList.js, folder-create-ro.js, augTranscript.js, addTimeStamp.js, missingDocumentList-csv.js, roAddAspectAndMoveAFA.js, myTaskDownload.js, roAddAspectAndMoveTranscript.js, roAddBundlingAspect.js, roAddSearchMatchAspect.js, roCopyEphesoftMetadataXML.js, roBatchScript.js, addSearchMatchDocumentType.js, roCreateEducationalCSV.js, roCopyOlderScannedDocument.js, roDocumentListAPLSTD.js, roCopyOlderScannedDocumentAdHoc.js, roEtranscriptReport.js, roDailyQA.js, roEtranscriptsBundleTest.js, roFolderCreateLDAPLookup_no_notificatiion.js, roFolderCreateLDAPLookup.js, roEtranscriptsBundle.js, roAddComment.js, roCopyEphesoftMetadataScanned.js, roMoveCompleted.js, roMoveCompletedBackScan.js, roMoveCompletedSearchMatch.js, roEtranscriptPDFConverter.js, roScanningMetadata.js, roScript1.js, RORoutingWorkflowUtil.js, roScript3.js, roScript2.js, roScanningMetadataBackScan.js, roScript7.js, roScript6.js, roScript9.js, roScript1BackScan.js, roSearchMatchNoMatchReport.js, roSearchMatchQuery.js, RONotification.js, roSlateDocumentExport.js, roTagAndFileRenderedPDFs.js, roScript4.js, roScript5.js, roScript8.js, 
createSlateFolioMaterialDropdown.js, createSlateApplicationsCSV.js, LaunchWorkflowUtils.js, PaperFileUtils.js, GenerateSponsornamesAndPinames.js, rsoCreateFolder.js, sciCreateFolderConfidential.js, sciCreateFolderPublic.js, sciCreateFolder.js, sciCreateFolderRestricted.js, scienceASDocumentImport.js, sciFileADDPFileTypes.js, sciFileShareFolder.js, sciFileScanned.js, sciBulkShareFolder.js, copy-signed-offer-letter.js, dept-config.js, reappointment-generate-schedule.js, reappointment-reminder-schedule.js, reappointment-generate-process.js, manual-generate-script.js, reappointment-reminder-process.js, reminder-email-util.js, reappointment-tracking-schedule.js, reappointment-tracking-process.js, appointment-report.js, appointment-report-schedule.js, manual-tracking-script.js, sfsCreateFolder.js, sfsWorkflowStatus.js, security-group-user.js, createReportPermissionsFoldersInASite.js, siteMembersReport.js, createReportRecursiveGroupsAndUsersInASite.js, search-responses.js, advChangeDocumentType.js, addFolderMetadata.js, advChangeDocumentType_confidential.js, consignOInitiatorOfferLetterChange.js, advChangeDocumentType_background.js, transcriptResponse.js, change-fgsr-pdf-file-name-with-date.js, copy-fgsr-to-graduate-students-records.js, ADVDonationCalendarToFiscal.js, document-query.js, deletingCompletingWorkflow.js, eTranscriptTemp.js, eTranscript-bundled-02-jan.js, eTranscriptVersionModifierFix.js, fixCheckout.js, removeDonationGrp.js, eTranscriptVersioningFix.js, move-fgsr-folder.js, search-match-dob-add.js, thesisDepositArchival.js, moveThesesForTransfer.js, eraReportGeneration.js, kofaxMetadataMerge.js, kofaxMetadataMergeMissing.js, generic2min.js, kofaxSendEmail.js, PeopleSoft-eTranscript-XML-PDF.js, startBenefitWorkflow.js, peoplesoftMetadataMergeMissing.js, securityWorkflowUtil.js, startPayActionWorkflow.js, startDepartmentAdhocApprovalWorkflow.js, convertTranscript.js, CreateTranscriptUserMemberships.js, startTwoStepWorkflow.js, fix_employee_names.js, env.js, 
folderCreateUtil.js, folderCreateUtilAA.js, generalSchedule.js, JSON.js, xmlUtil.js, addPersonAspect.js, addTimeStampRandomFileName.js, archiveDocument.js, luceneUtil.js, util.js, archivedItems.js, getProjectDetails.js, ADVChangeAuthor.js, ADVcalendarToFiscal.js, symplexUtils.js, advBatchProcessing.js, advChangeDocumentName.js, ADVEphesoftMove.js, advCreateFolderScheduled.js, advErrorMessageReset.js, advMetadataUpdate.js, advMoveToFoldersScheduled.js, ADVendFundReportFiling.js, advReconcilliation.js, ADVmoveRecordsToPreQA.js, advScanningMetadata.js, advScript2.js, advScript3.js, advScript4.js, advScript1.js, advScript5.js, advScriptDaily.js, advScriptMonthly.js, advScriptKofax.js, ADVSiteContext.js, advMoveToFolder.js, deleteEphesoftDoc.js, advUtils.js, folderCreateADV.js, advScriptDaily30minFreq.js, jsonUtils.js, advScanning.js, folderCreateDocumentADV.js, moveToFolders.js, symplexMetadataUpdate.js, OOA_SOT_Name_change.js, moveToFoldersRetainTitle.js, advScriptWeekly.js, symplexMoveToFolder.js, clioToAcsDocUpdate.js, ClioUpdateScheduledJob.js, smartFoldersExample.json, system-overview.html, businessDocSetup.json, uappolDocSetup.json, businessConfig.json, augConfig.json, augDocSetup.json, lawConfig.json, uappolConfig.json, UAlbertaSettings.json, hrsbsDocSetup.json, advConfig.json, hrsbsConfig.json, hrsConfig.json, hrsDocSetup.json, advSimplexMapping.json, advDocSetup.json, artsDocSetup.json, alesConfig.json, alesDocSetup.json, archiveFolder.json, artsConfig.json, advScanningMapping.json, collegeOfHealthSciencesConfig.json, chsAgreementsConfig.json, dropboxCommonAspects.json, collegeOfHealthSciencesDocSetup.json, chsAgreementsDocSetup.json, educationConfig.json, extensionConfig.json, fgsrv2DocSetup.json, foConfig.json, foDocSetup.json, educationDocSetup.json, lawDocSetup.json, nativeStudiesDocSetup.json, pllcConfig.json, pllcDocSetup.json, roConfig.json, fgsrv2Config.json, rsoConfig.json, rsoDocSetup.json, sciConfig.json, eTranscriptConfig.json, sciDocSetup.json, 
roDocSetup.json, sfsDocSetup.json, UAlbertaSettings.conf, student-recordsConfig.json, securityWorkflowSetting.json, thesisDepositConfig.json, globalHeader.html.ftl, webFormDialog.html.ftl, alfrescoUserGroupRequest.ftl, pensionBenefit.html.ftl, pinames.json, sponsornames.json, searchPageConfig.json, pcmDocSetup.json, pcmConfig.json, qaConfig.json, apsAppConfig.json, fgsrCreateApsFromCSV.json, fgsrCopyMetadata.json, enggCoopDocSetup.json, enggDocSetup.json, enggConfig.json, enggCoopConfig.json, CapApsConfig.json, extensionDocSetup.json, readme.html, readme_de.html, readme_ja.html, readme_fr.html, advEndowmentName.get.desc.xml, advEndowmentName.get.json.ftl, advEndowmentName.get.js, advEntityName.get.desc.xml, advEntityName.get.js, advEntityName.get.html.ftl, search.get.desc.xml, search.get.js, search.get.html.ftl, changeInitiatorAppt.put.desc.xml, eSignatureStatusHistory.get.html.ftl, changeInitiatorAppt.put.json.ftl, eSignatureStatusHistory.get.desc.xml, appointmentSubmit.get.js, processIdProps.get.desc.xml, changeInitiatorAppt.put.js, processIdProps.get.json.ftl, processIdProps.get.js, appointmentLandingPage.get.desc.xml, appointmentLandingPage.get.js, appointmentLandingPage.get.html.ftl, appointmentStart.get.desc.xml, appointmentStart.get.html.ftl, appointmentStart.get.js, appointmentStartTest.get.desc.xml, appointmentStartTest.get.js, appointmentStartTest.get.html.ftl, appointmentSubmit.get.desc.xml, appointmentSubmit.get.html.ftl, eSignatureStatusHistory.get.js, apsApplicationList.get.desc.xml, apsApplicationList.get.html.ftl, assignuser.put.js, assignuser.put.json.ftl, claimtask.put.desc.xml, claimtask.put.js, claimtask.put.json.ftl, completetask.post.desc.xml, completetask.post.json.ftl, completetask.post.js, getapsdbid.get.desc.xml, getapsdbid.get.json.ftl, gettasks.get.desc.xml, gettasks.get.json.ftl, assignuser.put.desc.xml, gettasks.get.js, savetask.post.desc.xml, savetask.post.js, savetask.post.json.ftl, taskForm.get.js, taskForm.get.desc.xml, 
tasklist.get.desc.xml, apsApplicationList.get.js, taskForm.get.json.ftl, tasklist.get.html.ftl.jquery, tasklist.get.html.ftl, tasklist.get.js, triggerapsprocess.post.desc.xml, triggerapsprocess.post.js, updatevariables.post.desc.xml.notused, triggerapsprocess.post.json.ftl, updatevariables.post.json.ftl.notused, getapsdbid.get.js, updatevariables.post.js.notused, taskUtils.js, apsGroupsConfig.json, apsSitesConfig.json, apptStepZeroStarter.post.desc.xml, apptStepZeroStarter.post.json.ftl, apptStepZeroStarter.post.js, apptStepOneStarter.post.desc.xml, apptStepOneStarter.post.js, apptStepOneStarter.post.json.ftl, apptStepOneSave.post.json.ftl, apptStepOneSave.post.desc.xml, apptStepOneSave.post.js, apptStatusDocUpdate.post.desc.xml, apptStatusDocUpdate.post.json.ftl, apptStatusDocUpdate.post.js, APSWorkflowStatus.get.desc.xml, APSWorkflowStatus.put.html.ftl, APSWorkflowStatus.get.html.ftl, APSWorkflowInfo.put.html.ftl, APSWorkflowStatus.put.desc.xml, APSWorkflowInfo.put.desc.xml, APSWorkflowStatus.get.js, APSWorkflowStatus.put.js, APSWorkflowInfo.put.js, NodeInfo.get.desc.xml, NodeInfo.get.html.ftl, capinfo.get.js, capstart.get.js, epsb.get.js, epsb.get.html.ftl, capstart.get.html.ftl, epsb.get.desc.xml, schoolboard.get.html.ftl, NodeInfo.get.js, NodeInfoByCapId.get.desc.xml, updateVariable.post.json.ftl, updateVariable.post.js, schoolboard.get.desc.xml, updateVariable.post.desc.xml, schoolboard.get.js, capinfo.get.html.ftl.backup, cap-file-load.post.json.ftl, NodeInfoByCapId.get.js, capinfo.get.html.ftl, capstart.get.desc.xml, cap-file-load.post.desc.xml, capinfo.get.desc.xml, cap-file-load.post.js, capeamergedoc.get.js, capeamergedoc.get.desc.xml, capeamergedoc.get.html.ftl, capConfig.js, chsEnv.js, chsConfig.js, chsAdminStuView.get.desc.xml, chsAdminStuView.get.html.ftl, chsAdminStuView.get.js, coupa.get.html.ftl, coupa.get.desc.xml, coupa.get.js, coveoGetDocList.get.desc.xml, coveoGetDocList.get.json.ftl, coveoGetDocList.get.js, getJson.get.desc.xml, 
getJson.get.js, getJson.get.json.ftl, simpleupload.post.desc.xml, simpleupload.post.json.ftl, simpleupload.post.js, consignoMessage.get.js, consignoWebhook.post.js, consignoWebhook.post.json.ftl, consignoMessage.get.desc.xml, consignoWebhook.post.desc.xml, consignoMessage.get.json.ftl, eSignDownload.get.js, eSignDownload.get.html.ftl, eSignDownload.get.desc.xml, review-supervisorv2.get.desc.xml, review-supervisorv2.get.js, review-supervisorv2.get.html.ftl, fgsrssgLanding.get.js, review-comm01v2.get.desc.xml, fgsrssgLanding.get.html.ftl, review-comm01v2.get.html.ftl, review-comm02v2.get.desc.xml, review-comm02v2.get.html.ftl, fgsrssgLanding.get.desc.xml, review-studentv2.get.html.ftl, review-comm03v2.get.html.ftl, review-comm03v2.get.desc.xml, review-studentv2.get.desc.xml, review-cosupervisorv2.get.html.ftl, review-comm02v2.get.js, review-startv2.get.desc.xml, review-studentv2.get.js, review-cosupervisorv2.get.js, review-startv2.get.js, review-student-revisionv2.get.html.ftl, review-student-revisionv2.get.desc.xml, review-startv2.get.html.ftl, review-comm03v2.get.js, review-cosupervisorv2.get.desc.xml, review-student-revisionv2.get.js, review-comm01v2.get.js, review-comm02.get.desc.xml, review-comm02.get.html.ftl, review-comm03.get.desc.xml, review-comm02.get.js, review-comm03.get.html.ftl, review-cosupervisor.get.desc.xml, review-cosupervisor.get.html.ftl, review-cosupervisor.get.js, review-nextdate.get.desc.xml, review-comm03.get.js, review-nextdate.get.js, review-student.get.html.ftl, review-student.get.js, review-student-revision.get.desc.xml, review-student.get.desc.xml, review-student-revision.get.js, review-studentTest.get.desc.xml, review-supervisor.get.desc.xml, review-studentTest.get.js, review-supervisor.get.html.ftl, review-supervisor.get.js, review-comm01.get.desc.xml, review-comm01.get.html.ftl, review-comm01.get.js, review-student-revision.get.html.ftl, review-nextdate.get.html.ftl, review-studentTest.get.html.ftl, guidelines-supervisor.get.desc.xml, 
guidelines-supervisor-revision.get.html.ftl, guidelines-start.get.desc.xml, guidelines-start.get.html.ftl, guidelines-start.get.js, guidelines-student.get.desc.xml, guidelines-student.get.html.ftl, guidelines-student-revision.get.js, guidelines-student-revision.get.desc.xml, guidelines-supervisor.get.html.ftl, guidelines-supervisor-revision.get.desc.xml, guidelines-student-revision.get.html.ftl, guidelines-student.get.js, guidelines-supervisor.get.js, guidelines-supervisor-revision.get.js, programExtensionScript.js, customScript.js, customCSS_FGSR2.css, customCSS_FGSR.css, fgsrEnv.js, FGSR-Forms-Config.js, config.js, googleAddon.get.json.ftl, googleAddon.get.desc.xml, googleAddon.get.js, gtaGraStatus.post.json.ftl, gtaGraStatus.post.js, gtaGraStatus.post.desc.xml, wfh-manager.get.desc.xml, wfh-form.get.js, wfh-manager.get.html.ftl, wfh-form.get.desc.xml, wfh-revise.get.desc.xml, wfh-revise.get.html.ftl, wfh-revise.get.js, wfh-seniormanager.get.desc.xml, wfh-manager.get.js, wfh-seniormanager.get.js, wfh-seniormanager.get.html.ftl, wfh-form.get.html.ftl, hrsbsDocumentLinking.get.desc.xml, hrsbsDocumentLinking.get.html.ftl, hrsbsDocumentLinking.get.js, coi-start.get.desc.xml, coi-start.get.html.ftl, coi-revise.get.html.ftl, coi-employee.get.html.ftl, coi-employee.get.desc.xml, coi-revise.get.desc.xml, coi-start.get.js, coi-revise.get.js, coi-supervisor.get.js, coi-supervisor.get.desc.xml, coi-employee.get.js, coi-supervisor.get.html.ftl, getTaskFilter.get.json.ftl, queryTasks.get.json.ftl, routableGroups.get.desc.xml, routableGroups.get.js, routableGroups.get.json.ftl, queryTasks.get.desc.xml, setTaskFilter.post.js, setTaskFilter.post.json.ftl, setTaskFilter.post.desc.xml, applyTaskAction.post.js, applyTaskAction.post.json.ftl, applyTaskAction.post.desc.xml, getTaskFilter.get.desc.xml, getTaskFilter.get.js, queryTasks.get.js, avmbrowse.get.desc.xml, avmbrowse.get.html.ftl, avmbrowse.get.js, avmstores.get.desc.xml, avmstores.get.html.ftl, blogsearch.get.atom.400.ftl, 
blogsearch.get.html.400.ftl, blogsearch.get.desc.xml, blogsearch.get.js, categorysearch.get.atom.404.ftl, blogsearch.get.html.ftl, categorysearch.get.html.404.ftl, categorysearch.get.js, categorysearch.get.html.ftl, categorysearch.get.desc.xml, folder.get.desc.xml, folder.get.html.ftl, folder.get.js, psDeptAll.get.js, psDeptSingle.get.json.ftl, psDeptSingle.get.js, psPerson.get.json.ftl, psUtil.js, psPerson.get.js, psAcademicDeptAll.get.desc.xml, psAcademicDeptAll.get.json.ftl, psAuthorizedApprover.get.desc.xml, psDeptAll.get.json.ftl, psAuthorizedApprover.get.js, psAuthorizedApprover.get.json.ftl, psDeptAll.get.desc.xml, psDeptSingle.get.desc.xml, psPerson.get.desc.xml, ceeb.get.desc.xml, ceeb.get.json.ftl, getSlateId.get.desc.xml, getSlateId.get.js, materials.get.json.ftl, materials.get.desc.xml, getSlateId.get.json.ftl, ceeb.get.js, materials.get.js, edit.get.html.ftl, edit.get.js, save.post.js, save.post.json.ftl, scans.get.desc.xml, scans.get.js, uploadfile.post.desc.xml, uploadfile.post.json.ftl, edit.get.desc.xml, uploadfile.post.js, scans.get.html.ftl, save.post.desc.xml, AFA_Main.post.desc.xml, AFA_MainFileOnly.post.desc.xml, AFA_MainFileOnly.post.js, AFA_Main.post.js, AFA_MainFileOnly.post.json.ftl, AFA_Main.post.json.ftl, paperFileUtil.get.desc.xml, paperFileUtil.get.js, paperFileUtil.get.html.ftl, rsoprojectdetails.get.html.ftl, rsoprojectdetails.get.js, rsoprojectdetails.get.desc.xml, roslateapplist.get.html.ftl, roslateapplist.get.desc.xml, roslateapplist.get.json.ftl, roslateexists.get.html.ftl, roslateexists.get.desc.xml, roslateapplist.get.js, roslateexists.get.js, uofaDepartmentList.get.desc.xml, uofaDepartmentList.get.js, uofaDepartmentList.get.html.ftl, uofaDepartmentName.get.desc.xml, uofaDepartmentName.get.html.ftl, uofaFacultyList.get.html.ftl, uofaFacultyList.get.desc.xml, uofaDepartmentName.get.js, uofapersonid.get.desc.xml, uofapersonidrest.get.html.ftl, uofapersonidrest.get.desc.xml, uofapersonid.get.html.ftl, uofapersonid.get.js, 
uofapersonidrest.get.js, uappolCategoryHeirarchy.get.desc.xml, uappolCategoryHeirarchy.get.json.ftl, uappol-metadata-query.get.desc.xml, uappol-metadata-query.get.js, uappol-metadata-query.get.json.ftl, uappolCategoryHeirarchy.get.js, siteFileViewer.get.desc.xml, siteFileViewerConfig.js, siteFileViewer.get.html.ftl, siteFileViewer.get.js, publicSiteFileViewer.get.html.ftl, publicSiteFileViewer.get.desc.xml, publicSiteFileViewer.get.js, cronJob.post.desc.xml, cronJob.post.js, cronJob.post.json.ftl, studentupload.get.html.ftl, generatereport.get.json.ftl, generatereport.get.desc.xml, approvethesis.post.js, generatereport.get.js, search-match-attach.get.js, search-match-list.get.html.ftl, search-match-result.get.html.ftl, search-match-result.get.js, search-match-list.get.js.old, chs-agreements.get.js, chs-agreements.get.html.ftl, chs-upload.get.html.ftl, chs-upload.get.js, uamytasks.config.get.js, chsStudentView.get.js, chsStudentView.get.html.ftl, foModel.xml, uofaDocTypes.xml, uofaDocTypes.json, foModel.json, tim-sops, FandO, cbsr, nanofab, support-documentation, Alfresco.zip - 1bf054bded99e2ae414154593d0892066b2e0c7add603f9321e157c77ae52075, https://www.virustotal.com/graph/embed/g05f1796a358b458d95751d31d1d529aa378f8ffadf0b4305b7fa0bd1c64fe228?theme=dark, https://www.virustotal.com/gui/collection/63819e07111e9665ba8602777d782527c54f3fad71ef36f977405a004484787c/iocs, https://viz.greynoise.io/analysis/0cd9177e-8328-4355-a2c0-d05704a64c72, components.zip - 2b91fcf852a5f1f57be71a269d82497b37c9f544ebd8f32aaa240e4cde0ffeea, https://www.virustotal.com/graph/embed/g2948a5c332eb4614973872a8243215f6aa1fba79749a48ea92806e9b934db91f?theme=dark, https://viz.greynoise.io/ip/analysis/2610b635-c05a-4f28-a112-7278de8fdf9b, Bitch-On-Wheels_files_md5s.csv, 832dde85e22a6de8081cdb46fcc7d8f2ae104bbdae54c5dc75d2a6272a0bd431, f66f2b730bec1c6927aa86503dfb22fc8d03a2f9e871ae6269d2a3ed29dc48e5, 902574c9ffd06678d769ae3db96b3957269c45617ad8e2feead4d02f5f3da106, 
https://hybrid-analysis.com/sample/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb, https://tria.ge/250729-s1vysaywgy, https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3, https://polyswarm.network/scan/results/file/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb, https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/a3528542-a121-4351-91fe-de5aab327fe2/overview, https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/3c22777d-9fa3-4d67-a00a-8aa505154874/overview, https://metadefender.com/results/file/bzI1MDcyOV9QRkdmNWZwSkhvMG11YWczRVZMRw_mdaas, https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/5fdda54a-0164-4d4e-a248-d07ec3780d8a/overview, https://app.threat.zone/submission/ef60d9bd-bd97-4859-8e58-4f670d1f1783/overview, https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/21f7ed2c-7815-49f0-8697-998b341df34a/overview, https://tip.neiki.dev/file/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb, https://hybrid-analysis.com/sample/f66f2b730bec1c6927aa86503dfb22fc8d03a2f9e871ae6269d2a3ed29dc48e5, https://hybrid-analysis.com/sample/902574c9ffd06678d769ae3db96b3957269c45617ad8e2feead4d02f5f3da106/6888ec5bd7a73585560d2ddd, https://hybrid-analysis.com/sample/832dde85e22a6de8081cdb46fcc7d8f2ae104bbdae54c5dc75d2a6272a0bd431/6888ec5cfd974c2a5b0f1cfa, https://hybrid-analysis.com/sample/12f05b32365a6fc40b30d108ea0dc730f662c6ee48c0feccf7cb43263a0a8166/6888ec5d423dabf7de0872d7, DISTINCTIO8.pdf, FileHash - SHA256 001f0ebe975b5f5a7e5272f53455635cc938a5a0129417f7e79c39df6cf65657 | Yara Detections: stack_string, IDS Detections: Win32/Tofsee.AX google.com connectivity check Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set, Tofsee: 'google.com' | https://www.gov50.icu |, ET TROJAN Win32/DarkWatchman Checkin Activity (POST) ( This is true. 
IOC Journey
Confidence: medium. First detected 2 years ago · Last seen 10 days ago
Appeared in 18 threat reports