Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 22, 2023, 9:01 a.m.	June 22, 2023, 9:03 a.m.

Size	404.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`0b359f7313105869be34d6abe847c38b`
SHA256	`2d4627af839c6b59921cd5aa0aac4c9231dd8ff72a3465521cf7c516e2283539`
CRC32	`34857563`
ssdeep	`6144:WpkXGhfZ2DXQfQDz+uImr8SbCp6Hs0Z0ku1LEhJXqgia4wclye433bFTW:vqugI2VOopP062nElye4HbFTW`
Yara	UPX_Zero - UPX packed file NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

DaHost.exe "C:\Users\test22\AppData\Local\Temp\DaHost.exe"
2560
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
cdn.discordapp.com	A 162.159.135.233 A 162.159.134.233 A 162.159.129.233 A 162.159.130.233 A 162.159.133.233	162.159.134.233

IP Address	Status	Action
162.159.135.233	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2035466	ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)	Misc activity
TCP 192.168.56.101:49164 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49165 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49165 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49164 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49165 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49164 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49169 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49164 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49169 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49172 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49169 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49172 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49169 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49172 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49177 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49177 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49173 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49180 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49173 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49177 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49180 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49173 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49177 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49180 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49173 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49180 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49184 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49184 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49184 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49204 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49192 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49204 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49185 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49185 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49192 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49185 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49192 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49209 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49209 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49209 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49188 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49188 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49257 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49257 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49197 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49216 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49197 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49257 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49197 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49216 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49197 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49260 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49260 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49200 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49260 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49233 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49200 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49200 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49264 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49249 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49213 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49249 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49249 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49213 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49272 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49213 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49272 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49253 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49253 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49253 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49220 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49273 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49273 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49273 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49256 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49272 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49256 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49221 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49221 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49277 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49277 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49277 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49221 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49269 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49225 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49269 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49269 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49225 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49225 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49292 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49292 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49292 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49228 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49276 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49228 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49276 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49276 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49301 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49301 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49288 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49301 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49288 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49245 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49245 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49301 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49288 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49245 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49288 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49309 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49309 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49293 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49309 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49293 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49168 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49293 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49261 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49168 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49168 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49297 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49297 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49328 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49328 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49297 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49328 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49328 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49176 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49189 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49304 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49176 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49280 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49304 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49189 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49280 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49176 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49304 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49189 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49176 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49280 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49317 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49281 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49317 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49281 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49317 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49281 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49201 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49345 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49201 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49345 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49321 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49345 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49321 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49321 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49236 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49349 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49236 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49349 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49300 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49353 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49300 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49353 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49349 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49236 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49300 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49353 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49181 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49181 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49360 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49240 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49308 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49360 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49365 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49181 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49240 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49308 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49365 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49360 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49181 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49308 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49240 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49365 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49361 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49361 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49368 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49241 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49361 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49368 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49193 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49341 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49241 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49193 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49341 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49368 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49193 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49364 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49341 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49364 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49252 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49364 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49252 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49196 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49196 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49252 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49380 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49341 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49380 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49196 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49369 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49252 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49369 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49380 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49196 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49369 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49344 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49344 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49380 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49205 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49344 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49268 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49373 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49205 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49373 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49268 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49344 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49205 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49373 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49268 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49373 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49404 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49268 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49208 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49404 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49388 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49404 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49208 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49388 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49376 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49388 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49376 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49376 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49232 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49376 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49232 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49389 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49389 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49389 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49381 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49389 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49381 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49425 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49425 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49381 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49237 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49312 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49237 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49425 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49312 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49397 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49397 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49237 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49312 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49397 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49237 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49396 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49425 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49396 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49316 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49396 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49316 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49397 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49244 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49396 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49316 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49428 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49244 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49428 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49428 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49320 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49248 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49320 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49320 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49412 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49212 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49412 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49444 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49428 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49444 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49333 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49444 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49333 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49412 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49440 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49333 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49412 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49461 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49461 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49217 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49265 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49461 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49416 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49416 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49416 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49217 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49340 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49340 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49340 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49440 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49476 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49476 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49340 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49224 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49424 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49476 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49424 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49476 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49424 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49348 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49348 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49481 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49348 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49229 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49481 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49432 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49432 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49481 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49432 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49481 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49229 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49356 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49356 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49441 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49488 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49441 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49488 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49356 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49441 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49488 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49496 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49496 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49448 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49448 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49496 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49284 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49448 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49284 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49440 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49284 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49456 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49456 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49456 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49305 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49305 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49445 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49445 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49305 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49460 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49413 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49445 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49460 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49413 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49496 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49460 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49413 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49324 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49324 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49500 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49464 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49500 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49421 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49324 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49421 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49449 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49500 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49464 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49449 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49421 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49285 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49325 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49421 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49449 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49325 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49325 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49325 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49289 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49452 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49289 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49452 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49289 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49452 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49468 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49512 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49468 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49336 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49512 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49336 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49296 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49468 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49512 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49296 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49464 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49296 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49504 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49336 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49504 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49473 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49468 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49473 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49504 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49473 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49473 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49477 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49477 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49372 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49477 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49489 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49296 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49516 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49489 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49516 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49489 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49516 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49489 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49516 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49480 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49480 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49492 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49492 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49480 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49492 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49313 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49313 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49485 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49493 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49485 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49493 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49313 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49485 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49493 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49513 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49513 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49513 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49508 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49329 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49508 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49329 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49508 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49329 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49509 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49520 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49509 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49520 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49509 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49520 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49332 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49332 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49520 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49332 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49524 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49524 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49524 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49352 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49524 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49352 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49352 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49357 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49357 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49357 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49357 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49377 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49377 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49377 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49385 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49385 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49385 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49385 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49393 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49393 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49393 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49405 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49405 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49405 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49405 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49408 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49408 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49408 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49409 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49409 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49409 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49408 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49417 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49417 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49417 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49420 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49420 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49420 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49433 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49433 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49433 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49433 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49436 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49436 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49436 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49436 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49457 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49457 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49457 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49465 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49465 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49465 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49472 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49472 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49472 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49472 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49484 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49484 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49484 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49497 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49497 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49497 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49372 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49517 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49517 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49372 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49517 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49372 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49525 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49525 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49525 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49384 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49384 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49384 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49392 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49392 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49400 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49400 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49400 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49401 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49401 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49401 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49429 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49429 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49429 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49429 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49437 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49437 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49437 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49453 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49453 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49453 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49469 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49469 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49469 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49469 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49501 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49501 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49501 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49505 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49505 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49505 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49521 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49521 -> 162.159.135.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49521 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49521 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49252 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49460 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49356 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49281 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49360 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49221 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49181 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49485 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49397 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49496 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49313 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49380 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49493 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49409 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49293 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49489 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49468 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49492 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49444 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49317 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49412 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49425 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49345 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49488 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49508 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49456 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49192 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49476 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49373 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49256 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49292 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49188 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49464 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49344 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49341 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49445 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49165 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49213 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49297 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49504 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49216 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49272 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49376 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49368 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49513 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49169 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49449 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49432 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49320 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49180 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49300 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49257 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49168 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49520 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49249 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49369 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49333 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49416 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49389 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49481 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49209 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49253 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49461 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49428 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49268 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49261 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49288 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49204 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49177 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49316 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49473 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49340 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49404 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49524 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49509 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49448 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49512 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49164 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49328 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49413 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49304 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49388 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49396 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49301 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49225 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49260 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49269 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49452 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49245 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49440 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49516 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49197 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49441 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49421 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49312 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49173 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49361 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49357 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49472 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49237 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49433 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49497 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49436 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49332 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49405 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49289 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49457 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49196 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49417 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49244 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49208 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49248 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49193 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49352 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49296 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49465 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49285 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49232 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49408 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49205 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49385 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49429 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49284 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49437 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49372 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49336 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49212 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49384 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49501 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49392 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49400 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49305 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49453 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49217 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49505 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49325 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49201 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49176 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49229 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49469 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49401 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49521 -> 162.159.135.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 22, 2023, 9:01 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 19833 events)

Time & API	Arguments	Status
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c9 ea 88 8c f2 33 e1 cb d3 74 3d 67 9a 59 cd exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f87cc2 registers.esp: 57601904 registers.edi: 108 registers.eax: 9825200 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 83345845	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7b 03 d1 51 16 24 29 4c 5a 7c b3 00 85 d2 5f 81 exception.instruction: jnp 0x4f87cfc exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f87cf7 registers.esp: 57601896 registers.edi: 57601892 registers.eax: 9825200 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc d2 0e 9e 05 ef 56 84 03 e9 a8 70 d2 15 c2 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f87d20 registers.esp: 57601896 registers.edi: 109792 registers.eax: 9825200 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 83345845	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 06 d6 05 85 54 af 68 88 e5 00 f7 c2 62 60 bd exception.instruction: jg 0x4f87d7a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f87d72 registers.esp: 57601884 registers.edi: 256 registers.eax: 57601880 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 83345845	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1a d6 b7 e3 10 9f 0e eb 03 00 5a c7 85 3b 02 exception.instruction: mov dword ptr [edx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f87dac registers.esp: 57601888 registers.edi: 109792 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 5454 registers.ebx: 3061550741 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b ca 85 85 da 31 78 bd 6a 16 42 1b 0b 0e 15 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f87df8 registers.esp: 57601888 registers.edi: 109792 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 1995596250 registers.ebx: 1959 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0e cc c2 fd 87 f0 03 69 ee 82 7d 5c 51 95 8c exception.instruction: mov dword ptr [esi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f87e3d registers.esp: 57601896 registers.edi: 109792 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 1995596250 registers.ebx: 3061550741 registers.esi: 60125 registers.ecx: 182	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc cc ad fc 01 0d d0 48 df 18 bc 8c b4 a0 56 e5 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f87e81 registers.esp: 57601900 registers.edi: 12288 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 1995596250 registers.ebx: 3061550741 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 02 d0 88 52 d4 db 71 f2 e6 0e 43 00 66 39 d1 exception.instruction: jg 0x4f87f25 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f87f21 registers.esp: 57601880 registers.edi: 57601876 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 1995596250 registers.ebx: 57602268 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 78 03 d3 1a 58 8e 69 80 60 8e 23 2d 71 00 f6 c4 exception.instruction: js 0x4f87f87 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f87f82 registers.esp: 57601880 registers.edi: 57601876 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 1995596250 registers.ebx: 57602268 registers.esi: 256 registers.ecx: 182	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 04 d5 b0 60 4c 86 00 39 c2 5a 80 fd d9 5e cc exception.instruction: jbe 0x4f87fc5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f87fbf registers.esp: 57601880 registers.edi: 109792 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 57601876 registers.ebx: 57602268 registers.esi: 256 registers.ecx: 182	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc d6 30 b7 82 98 1c 14 a6 7f e5 81 c3 41 e9 59 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f87fce registers.esp: 57601888 registers.edi: 109792 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 1995596250 registers.ebx: 57602268 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 19 d2 93 75 11 b5 3b a1 45 17 84 19 c4 00 59 exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f88009 registers.esp: 57601884 registers.edi: 109792 registers.eax: 1995635376 registers.ebp: 57601944 registers.edx: 1995596250 registers.ebx: 57602272 registers.esi: 1995838602 registers.ecx: 27731	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 74 02 db fa 06 00 38 fe 5f 66 39 da 58 61 83 bd exception.instruction: je 0x4f88079 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88075 registers.esp: 57601896 registers.edi: 57601892 registers.eax: 256 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 83394636	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc db 56 77 aa 52 b8 05 34 69 eb 50 b8 ee 1e 79 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f88090 registers.esp: 57601936 registers.edi: 109792 registers.eax: 9825200 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 83345845	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 18 ca f7 9b 1d 98 a8 cb d2 6f de e5 c6 f6 8e exception.instruction: mov dword ptr [eax], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f880ab registers.esp: 57601932 registers.edi: 109792 registers.eax: 52368 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 83345845	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 77 06 d3 ed d7 43 f2 23 4c fc 78 d0 74 00 81 fb exception.instruction: ja 0x4f880f7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f880ef registers.esp: 57601928 registers.edi: 109792 registers.eax: 234853675 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 256 registers.esi: 57601924 registers.ecx: 83345845	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 09 cb 72 2d 05 31 6d c8 00 49 16 26 22 59 25 exception.instruction: jl 0x4f88179 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f8816e registers.esp: 57601924 registers.edi: 109792 registers.eax: 57601920 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 08 cc 02 23 40 69 c0 9f 2e ab 35 4b ce 8d 6f exception.instruction: jle 0x4f881b7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f881ad registers.esp: 57601924 registers.edi: 57601920 registers.eax: 256 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 83345845	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 04 ce 17 84 46 b7 75 cc 58 f8 24 2a d6 bc 26 exception.instruction: jl 0x4f88208 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88202 registers.esp: 57601920 registers.edi: 109792 registers.eax: 4 registers.ebp: 57601944 registers.edx: 57601916 registers.ebx: 83341312 registers.esi: 256 registers.ecx: 58654724	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c8 32 76 05 ce 16 ce 63 50 fd 38 7b 65 60 22 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f88231 registers.esp: 57601932 registers.edi: 109792 registers.eax: 4 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654724	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 0d ce 0a 88 c9 2e 6c 31 d1 f8 49 ef 28 85 9b exception.instruction: jbe 0x4f88282 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88273 registers.esp: 57601924 registers.edi: 57601920 registers.eax: 2190711513 registers.ebp: 57601944 registers.edx: 256 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654724	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 30 c8 c8 f6 b5 5b 97 63 e0 0e 10 5a 23 f2 2a exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f882b9 registers.esp: 57601928 registers.edi: 109792 registers.eax: 13081 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654724	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 09 cb 72 2d 05 31 6d c8 00 49 16 26 22 59 25 exception.instruction: jl 0x4f88179 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f8816e registers.esp: 57601924 registers.edi: 109792 registers.eax: 57601920 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 08 cc 02 23 40 69 c0 9f 2e ab 35 4b ce 8d 6f exception.instruction: jle 0x4f881b7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f881ad registers.esp: 57601924 registers.edi: 57601920 registers.eax: 256 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654724	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 04 ce 17 84 46 b7 75 cc 58 f8 24 2a d6 bc 26 exception.instruction: jl 0x4f88208 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88202 registers.esp: 57601920 registers.edi: 109792 registers.eax: 8 registers.ebp: 57601944 registers.edx: 57601916 registers.ebx: 83341312 registers.esi: 256 registers.ecx: 58654728	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c8 32 76 05 ce 16 ce 63 50 fd 38 7b 65 60 22 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f88231 registers.esp: 57601932 registers.edi: 109792 registers.eax: 8 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654728	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 0d ce 0a 88 c9 2e 6c 31 d1 f8 49 ef 28 85 9b exception.instruction: jbe 0x4f88282 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88273 registers.esp: 57601924 registers.edi: 57601920 registers.eax: 2190711513 registers.ebp: 57601944 registers.edx: 256 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654728	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 30 c8 c8 f6 b5 5b 97 63 e0 0e 10 5a 23 f2 2a exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f882b9 registers.esp: 57601928 registers.edi: 109792 registers.eax: 13081 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654728	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 09 cb 72 2d 05 31 6d c8 00 49 16 26 22 59 25 exception.instruction: jl 0x4f88179 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f8816e registers.esp: 57601924 registers.edi: 109792 registers.eax: 57601920 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 08 cc 02 23 40 69 c0 9f 2e ab 35 4b ce 8d 6f exception.instruction: jle 0x4f881b7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f881ad registers.esp: 57601924 registers.edi: 57601920 registers.eax: 256 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654728	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 04 ce 17 84 46 b7 75 cc 58 f8 24 2a d6 bc 26 exception.instruction: jl 0x4f88208 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88202 registers.esp: 57601920 registers.edi: 109792 registers.eax: 12 registers.ebp: 57601944 registers.edx: 57601916 registers.ebx: 83341312 registers.esi: 256 registers.ecx: 58654732	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c8 32 76 05 ce 16 ce 63 50 fd 38 7b 65 60 22 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f88231 registers.esp: 57601932 registers.edi: 109792 registers.eax: 12 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654732	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 0d ce 0a 88 c9 2e 6c 31 d1 f8 49 ef 28 85 9b exception.instruction: jbe 0x4f88282 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88273 registers.esp: 57601924 registers.edi: 57601920 registers.eax: 2190711513 registers.ebp: 57601944 registers.edx: 256 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654732	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 30 c8 c8 f6 b5 5b 97 63 e0 0e 10 5a 23 f2 2a exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f882b9 registers.esp: 57601928 registers.edi: 109792 registers.eax: 13081 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654732	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 09 cb 72 2d 05 31 6d c8 00 49 16 26 22 59 25 exception.instruction: jl 0x4f88179 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f8816e registers.esp: 57601924 registers.edi: 109792 registers.eax: 57601920 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 08 cc 02 23 40 69 c0 9f 2e ab 35 4b ce 8d 6f exception.instruction: jle 0x4f881b7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f881ad registers.esp: 57601924 registers.edi: 57601920 registers.eax: 256 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654732	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 04 ce 17 84 46 b7 75 cc 58 f8 24 2a d6 bc 26 exception.instruction: jl 0x4f88208 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88202 registers.esp: 57601920 registers.edi: 109792 registers.eax: 16 registers.ebp: 57601944 registers.edx: 57601916 registers.ebx: 83341312 registers.esi: 256 registers.ecx: 58654736	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c8 32 76 05 ce 16 ce 63 50 fd 38 7b 65 60 22 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f88231 registers.esp: 57601932 registers.edi: 109792 registers.eax: 16 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654736	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 0d ce 0a 88 c9 2e 6c 31 d1 f8 49 ef 28 85 9b exception.instruction: jbe 0x4f88282 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88273 registers.esp: 57601924 registers.edi: 57601920 registers.eax: 2190711513 registers.ebp: 57601944 registers.edx: 256 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654736	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 30 c8 c8 f6 b5 5b 97 63 e0 0e 10 5a 23 f2 2a exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f882b9 registers.esp: 57601928 registers.edi: 109792 registers.eax: 13081 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654736	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 09 cb 72 2d 05 31 6d c8 00 49 16 26 22 59 25 exception.instruction: jl 0x4f88179 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f8816e registers.esp: 57601924 registers.edi: 109792 registers.eax: 57601920 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 08 cc 02 23 40 69 c0 9f 2e ab 35 4b ce 8d 6f exception.instruction: jle 0x4f881b7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f881ad registers.esp: 57601924 registers.edi: 57601920 registers.eax: 256 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654736	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 04 ce 17 84 46 b7 75 cc 58 f8 24 2a d6 bc 26 exception.instruction: jl 0x4f88208 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88202 registers.esp: 57601920 registers.edi: 109792 registers.eax: 20 registers.ebp: 57601944 registers.edx: 57601916 registers.ebx: 83341312 registers.esi: 256 registers.ecx: 58654740	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c8 32 76 05 ce 16 ce 63 50 fd 38 7b 65 60 22 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x4f88231 registers.esp: 57601932 registers.edi: 109792 registers.eax: 20 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654740	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 0d ce 0a 88 c9 2e 6c 31 d1 f8 49 ef 28 85 9b exception.instruction: jbe 0x4f88282 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88273 registers.esp: 57601924 registers.edi: 57601920 registers.eax: 2190711513 registers.ebp: 57601944 registers.edx: 256 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654740	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 30 c8 c8 f6 b5 5b 97 63 e0 0e 10 5a 23 f2 2a exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4f882b9 registers.esp: 57601928 registers.edi: 109792 registers.eax: 13081 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654740	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 09 cb 72 2d 05 31 6d c8 00 49 16 26 22 59 25 exception.instruction: jl 0x4f88179 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f8816e registers.esp: 57601924 registers.edi: 109792 registers.eax: 57601920 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 08 cc 02 23 40 69 c0 9f 2e ab 35 4b ce 8d 6f exception.instruction: jle 0x4f881b7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f881ad registers.esp: 57601924 registers.edi: 57601920 registers.eax: 256 registers.ebp: 57601944 registers.edx: 83341312 registers.ebx: 83341312 registers.esi: 1995838602 registers.ecx: 58654740	1
__exception__ June 22, 2023, 9:01 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 04 ce 17 84 46 b7 75 cc 58 f8 24 2a d6 bc 26 exception.instruction: jl 0x4f88208 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x4f88202 registers.esp: 57601920 registers.edi: 109792 registers.eax: 24 registers.ebp: 57601944 registers.edx: 57601916 registers.ebx: 83341312 registers.esi: 256 registers.ecx: 58654744	1

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 22, 2023, 9:01 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:01 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 9:01 a.m.	process_identifier: 2560 region_size: 22654976 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ea0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:01 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:55 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003ec0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Tristich.lnk
file	C:\Users\test22\AppData\Local\Temp\nsw26D.tmp\System.dll

Creates hidden or system file (3 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW June 22, 2023, 9:01 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem filepath: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem		0	0
SetFileAttributesW June 22, 2023, 9:01 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem filepath: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem		0	0
SetFileAttributesW June 22, 2023, 9:01 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem filepath: C:\Windows\resources\fluidible\temptsome\Brkagernes26\philanthropinist.mem		0	0

Creates a shortcut to an executable file (2 events)

file	C:\Users\test22\AppData\Local\Tristich.lnk
file	C:\Windows\System32\udfrings\drejebnke.lnk

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsw26D.tmp\System.dll

Queries for potentially installed applications (50 out of 438 events)

Time & API	Arguments	Return
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\mem base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mem	2
RegOpenKeyExW June 22, 2023, 9:01 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\boulevards	2

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA June 22, 2023, 9:01 a.m.	service_handle: 0x00967df8 service_type: 48 service_status: 3	1	1	0

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Inject.1b!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Generic.33949365
Malwarebytes	Trojan.GuLoader
Sangfor	Trojan.Win32.Injector.Vhdi
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/Injector.8c53914b
K7GW	Trojan ( 005903451 )
K7AntiVirus	Trojan ( 005903451 )
Arcabit	Trojan.Generic.D20606B5
Cyren	W32/Injector.EORS-8201
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	NSIS/Injector.ASH
Cynet	Malicious (score: 99)
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Inject.gen
BitDefender	Trojan.Generic.33949365
SUPERAntiSpyware	Adware.HPDefender/Variant
Avast	NSIS:InjectorX-gen [Trj]
Emsisoft	Trojan.Generic.33949365 (B)
F-Secure	Trojan.TR/Injector.hgzlz
TrendMicro	Trojan.Win32.GULOADER.YXDFTZ
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
FireEye	Generic.mg.0b359f7313105869
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Webroot	W32.Trojan.Leonem
Avira	TR/Injector.hgzlz
MAX	malware (ai score=84)
Gridinsoft	Trojan.Win32.GuLoader.bot
Microsoft	Trojan:Win32/Leonem
ZoneAlarm	HEUR:Trojan.Win32.Inject.gen
GData	Trojan.Generic.33949365
Google	Detected
AhnLab-V3	Trojan/Win.GuLoader.C5444386
McAfee	Artemis!0B359F731310
Cylance	unsafe
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDFTZ
Rising	Trojan.Injector/NSIS!1.E690 (CLASSIC)
Yandex	Trojan.Igent.b0lKKU.7
Ikarus	Trojan.NSIS.Agent
Fortinet	NSIS/Injector.CKER!tr
AVG	NSIS:InjectorX-gen [Trj]
DeepInstinct	MALICIOUS

DaHost.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All