Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 22, 2023, 9:42 a.m.	June 22, 2023, 9:44 a.m.

Size	26.3KB
Type	Rich Text Format data, version 1, unknown character set
MD5	`8c694cf91420a9ff5ebb6d52c05d30c6`
SHA256	`d41ac31b0e5c59ba775fc26312ec360bc053ba6ca6064478d6cba83a7f9f8a23`
CRC32	`8D2E0050`
ssdeep	`768:ckKIhylYS/j+c8itPM2L78h0K8mv6KIarNx1EYyE0G:4IhyldSc84E2DkUarNyE0G`
Yara	Rich_Text_Format_Zero - Rich Text Format Signature Zero SUSP_INDICATOR_RTF_MalVer_Objects - Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents.

WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\rererereerererererererererereerererere%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ererererererer.doc
2556

Name	Response	Post-Analysis Lookup
ur-l.co	A 172.67.204.150 A 104.21.93.49	172.67.204.150
cdn.discordapp.com	A 162.159.135.233 A 162.159.134.233 A 162.159.129.233 A 162.159.130.233 A 162.159.133.233	162.159.134.233

IP Address	Status	Action
104.21.93.49	Active	Moloch
162.159.130.233	Active	Moloch
164.124.101.2	Active	Moloch
45.81.39.192	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49162 -> 104.21.93.49:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49172 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49172 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49164 -> 45.81.39.192:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
UDP 192.168.56.101:54148 -> 164.124.101.2:53	2035466	ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)	Misc activity
TCP 192.168.56.101:49172 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 45.81.39.192:80 -> 192.168.56.101:49164	2022050	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1	A Network Trojan was detected
TCP 192.168.56.101:49180 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49180 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49169 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49169 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49169 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49184 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49184 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49169 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49185 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49185 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49184 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49185 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49184 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49173 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49185 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49173 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49173 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49193 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49193 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49173 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49212 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49193 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49212 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 45.81.39.192:80 -> 192.168.56.101:49164	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 45.81.39.192:80 -> 192.168.56.101:49164	2022051	ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2	A Network Trojan was detected
TCP 192.168.56.101:49212 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 45.81.39.192:80 -> 192.168.56.101:49164	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49197 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49197 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49241 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49197 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49241 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49197 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49181 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49181 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49181 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49200 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49200 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49200 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49208 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49208 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49257 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49257 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49217 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49217 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49257 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49208 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49217 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49228 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49228 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49260 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49260 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49221 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49260 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49221 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49260 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49188 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49221 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49188 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49232 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49232 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49236 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49236 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49229 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49229 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49268 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49268 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49245 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49245 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49268 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49245 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49245 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49269 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49269 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49272 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49269 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49269 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49248 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49248 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49285 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49293 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49285 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49293 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49293 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49293 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49301 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49253 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49301 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49253 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49301 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49296 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49253 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49296 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49301 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49296 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49256 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49256 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49204 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49204 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49177 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49320 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49309 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49320 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49177 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49309 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49320 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49177 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49309 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49320 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49205 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49309 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49205 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49317 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49317 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49317 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49204 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49280 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49189 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49317 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49189 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49189 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49325 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49325 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49209 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49341 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49325 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49192 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49341 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49341 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49216 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49329 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49216 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49329 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49341 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49329 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49216 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49329 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49196 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49196 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49196 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49224 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49224 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49350 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49350 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49196 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49224 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49350 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49168 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49168 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49350 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49168 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49280 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49252 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49201 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49374 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49280 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49168 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49252 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49374 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49374 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49362 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49252 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49362 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49284 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49374 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49176 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49284 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49362 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49176 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49284 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49362 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49225 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49176 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49284 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49383 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49383 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49371 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49383 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49371 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49288 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49213 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49288 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49383 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49213 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49371 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49288 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49213 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49273 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49391 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49273 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49391 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49375 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49233 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49375 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49391 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49233 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49273 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49312 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49312 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49375 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49233 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49220 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49312 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49220 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49407 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49407 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49312 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49233 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49220 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49395 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49407 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49395 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49277 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49395 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49277 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49321 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49237 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49321 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49277 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49237 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49395 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49321 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49237 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49321 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49240 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49419 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49240 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49419 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49244 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49281 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49419 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49244 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49402 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49281 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49402 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49334 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49402 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49334 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49249 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49419 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49249 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49402 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49334 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49249 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49249 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49261 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49406 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49297 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49406 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49297 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49406 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49427 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49261 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49297 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49427 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49346 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49406 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49346 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49427 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49261 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49346 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49427 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49308 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49346 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49308 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49423 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49276 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49423 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49276 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49308 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49434 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49423 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49276 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49434 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49308 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49353 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49423 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49353 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49434 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49289 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49289 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49353 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49289 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49426 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49426 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49289 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49354 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49426 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49354 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49324 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49443 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49324 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49443 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49354 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49292 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49324 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49292 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49443 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49324 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49292 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49430 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49292 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49430 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49363 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49313 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49363 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49328 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49313 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49430 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49328 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49363 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49328 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49300 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49430 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49313 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49363 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49300 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49328 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49458 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49300 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49458 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49316 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49316 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49458 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49316 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49463 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49316 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49463 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49378 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49462 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49378 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49462 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49342 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49304 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49463 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49378 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49342 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49304 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49462 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49378 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49342 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49333 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49304 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49333 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49342 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49478 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49333 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49478 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49382 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49466 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49333 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49305 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49466 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49382 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49478 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49305 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49382 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49466 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49305 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49382 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49366 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49338 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49366 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49486 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49338 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49486 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49366 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49338 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49387 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49486 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49387 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49491 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49338 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49491 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49387 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49491 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49487 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49487 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49491 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49487 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49345 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49345 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49486 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49359 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49494 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49359 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49345 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49390 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49494 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49394 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49390 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49394 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49359 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49345 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49494 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49487 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49390 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49394 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49359 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49394 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49349 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49349 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49390 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49349 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49398 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49398 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49349 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49398 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49414 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49502 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49414 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49367 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49502 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49358 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49367 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49411 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49511 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49358 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49414 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49411 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49511 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49502 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49367 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49358 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49511 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49411 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49367 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49358 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49511 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49503 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49503 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49503 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49379 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49370 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49379 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49526 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49370 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49502 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49431 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49526 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49431 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49379 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49370 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49526 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49450 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49431 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49450 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49507 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49507 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49431 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49450 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49527 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49379 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49527 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49507 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49527 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49439 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49526 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49451 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49439 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49531 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49451 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49386 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49527 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49531 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49439 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49403 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49386 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49451 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49403 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49439 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49531 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49386 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49451 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49403 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49530 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49530 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49530 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49459 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49459 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49399 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49459 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49474 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49474 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49534 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49534 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49474 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49415 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49467 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49534 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49415 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49467 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49534 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49415 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49467 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49415 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49518 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49467 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49518 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49538 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49538 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49518 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49538 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49418 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49410 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49418 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49470 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49410 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49470 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49418 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49549 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49410 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49549 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49470 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49418 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49522 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49549 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49522 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49522 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49422 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49438 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49422 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49438 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49422 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49482 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49438 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49482 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49422 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49482 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49442 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49442 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49435 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49435 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49483 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49442 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49483 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49435 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49483 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49442 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49539 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49539 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49539 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49446 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49435 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49446 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49498 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49446 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49498 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49498 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49447 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49447 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49498 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49447 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49446 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49447 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49454 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49454 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49515 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49515 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49454 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49515 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49455 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49455 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49515 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49471 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49455 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49471 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49455 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49471 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49519 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49454 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49519 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49519 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49519 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49475 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49475 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49523 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49523 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49475 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49490 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49523 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49490 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49490 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49535 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49535 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49495 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49479 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49495 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49535 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49479 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49535 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49495 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49479 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49479 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49499 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49550 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49499 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49550 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49499 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49550 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49506 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49506 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49499 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49506 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49510 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49510 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49510 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49510 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49514 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49514 -> 162.159.130.233:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49514 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49514 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49442 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49321 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49478 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49366 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49349 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49233 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49346 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49185 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49338 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49261 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49169 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49511 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49240 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49535 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49358 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49256 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49515 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49526 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49474 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49324 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49514 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49394 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49487 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49273 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49316 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49312 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49395 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49276 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49367 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49439 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49406 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49280 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49447 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49479 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49317 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49550 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49518 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49220 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49454 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49423 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49224 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49264 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49350 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49328 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49382 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49197 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49519 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49378 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49527 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49205 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49363 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49379 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49245 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49204 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49399 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49435 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49522 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49446 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49173 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49482 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49486 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49390 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49359 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49309 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49281 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49289 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49431 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49288 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49333 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49229 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49292 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49208 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49193 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49510 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49534 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49293 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49329 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49549 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49228 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49269 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49345 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49455 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49362 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49418 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49196 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49284 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49499 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49398 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49415 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49192 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49168 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49313 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49430 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49248 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49249 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49402 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49201 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49422 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49467 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49434 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49342 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49265 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49451 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49374 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49523 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49337 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49308 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49272 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49498 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49491 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49277 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49184 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49301 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49268 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49212 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49320 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49341 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49502 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49427 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49260 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49383 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49241 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity
TCP 192.168.56.101:49419 -> 162.159.130.233:443	2035464	ET INFO Observed Discord Domain (discordapp .com in TLS SNI)	Misc activity

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49162 104.21.93.49:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=ur-l.co	f5:2a:24:07:1e:0e:4c:da:4a:c2:b2:d8:df:cb:a9:f5:ab:4a:1b:7c

One or more processes crashed (2 events)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 22, 2023, 9:42 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad OleCreateEmbeddingHelper+0x2a1 CreateFileMoniker-0x17de ole32+0x81414 @ 0x74741414 ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68 wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0 DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232 DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206 DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6 DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6 DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418 DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431 DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4 wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f4e15d7 wdCommandDispatch-0x367 winword+0x155d @ 0x2f4e155d BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x800706be exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 2050656 registers.edi: 1953561104 registers.eax: 2050656 registers.ebp: 2050736 registers.edx: 0 registers.ebx: 6593156 registers.esi: 2147944126 registers.ecx: 1143957843	1	0	0
__exception__ June 22, 2023, 9:42 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad CoRegisterMessageFilter+0x5048 ObjectStublessClient5-0x21 ole32+0x3b641 @ 0x746fb641 CoRegisterMessageFilter+0x4ff4 ObjectStublessClient5-0x75 ole32+0x3b5ed @ 0x746fb5ed CoRegisterMessageFilter+0x4b79 ObjectStublessClient5-0x4f0 ole32+0x3b172 @ 0x746fb172 CoRegisterMessageFilter+0x4075 ObjectStublessClient5-0xff4 ole32+0x3a66e @ 0x746fa66e ObjectStublessClient31+0x2961c STGMEDIUM_UserUnmarshal-0x92 ole32+0xba68c @ 0x7477a68c ObjectStublessClient31+0x6776 STGMEDIUM_UserUnmarshal-0x22f38 ole32+0x977e6 @ 0x747577e6 OleCreateEmbeddingHelper+0x344 CreateFileMoniker-0x173b ole32+0x814b7 @ 0x747414b7 ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68 wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0 DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232 DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206 DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6 DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6 DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418 DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431 DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4 wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f4e15d7 wdCommandDispatch-0x367 winword+0x155d @ 0x2f4e155d BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x800706ba exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 2050348 registers.edi: 1953561104 registers.eax: 2050348 registers.ebp: 2050428 registers.edx: 0 registers.ebx: 6593372 registers.esi: 2147944122 registers.ecx: 1143957843	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

June 22, 2023, 9:42 a.m.

stacktrace:

RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad
OleCreateEmbeddingHelper+0x2a1 CreateFileMoniker-0x17de ole32+0x81414 @ 0x74741414
ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68
wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff
DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0
DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232
DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b
DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d
DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206
DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6
DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a
DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6
DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d
DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e
DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418
DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e
DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431
DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d
FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4
wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f4e15d7
wdCommandDispatch-0x367 winword+0x155d @ 0x2f4e155d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706be
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 2050656
registers.edi: 1953561104
registers.eax: 2050656
registers.ebp: 2050736
registers.edx: 0
registers.ebx: 6593156
registers.esi: 2147944126
registers.ecx: 1143957843

__exception__

June 22, 2023, 9:42 a.m.

stacktrace:

RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad
CoRegisterMessageFilter+0x5048 ObjectStublessClient5-0x21 ole32+0x3b641 @ 0x746fb641
CoRegisterMessageFilter+0x4ff4 ObjectStublessClient5-0x75 ole32+0x3b5ed @ 0x746fb5ed
CoRegisterMessageFilter+0x4b79 ObjectStublessClient5-0x4f0 ole32+0x3b172 @ 0x746fb172
CoRegisterMessageFilter+0x4075 ObjectStublessClient5-0xff4 ole32+0x3a66e @ 0x746fa66e
ObjectStublessClient31+0x2961c STGMEDIUM_UserUnmarshal-0x92 ole32+0xba68c @ 0x7477a68c
ObjectStublessClient31+0x6776 STGMEDIUM_UserUnmarshal-0x22f38 ole32+0x977e6 @ 0x747577e6
OleCreateEmbeddingHelper+0x344 CreateFileMoniker-0x173b ole32+0x814b7 @ 0x747414b7
ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68
wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff
DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0
DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232
DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b
DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d
DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206
DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6
DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a
DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6
DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d
DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e
DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418
DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e
DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431
DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d
FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4
wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f4e15d7
wdCommandDispatch-0x367 winword+0x155d @ 0x2f4e155d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 2050348
registers.edi: 1953561104
registers.eax: 2050348
registers.ebp: 2050428
registers.edx: 0
registers.ebx: 6593372
registers.esi: 2147944122
registers.ecx: 1143957843

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

Connection to IP address

suspicious_request

GET http://45.81.39.192/471/DaHost.exe

Performs some HTTP requests (2 events)

request	GET http://45.81.39.192/471/DaHost.exe
request	GET https://ur-l.co/eD

Allocates read-write-execute memory (usually to unpack itself) (9 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x65001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6e531000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05940000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05940000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05950000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05960000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6e131000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6e134000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 9:42 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x507c1000 process_handle: 0xffffffff	1

An application raised an exception which may be indicative of an exploit crash (3 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process WINWORD.EXE with pid 2556 crashed
__exception__ June 22, 2023, 9:42 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad OleCreateEmbeddingHelper+0x2a1 CreateFileMoniker-0x17de ole32+0x81414 @ 0x74741414 ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68 wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0 DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232 DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206 DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6 DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6 DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418 DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431 DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4 wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f4e15d7 wdCommandDispatch-0x367 winword+0x155d @ 0x2f4e155d BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x800706be exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 2050656 registers.edi: 1953561104 registers.eax: 2050656 registers.ebp: 2050736 registers.edx: 0 registers.ebx: 6593156 registers.esi: 2147944126 registers.ecx: 1143957843	1	0	0
__exception__ June 22, 2023, 9:42 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad CoRegisterMessageFilter+0x5048 ObjectStublessClient5-0x21 ole32+0x3b641 @ 0x746fb641 CoRegisterMessageFilter+0x4ff4 ObjectStublessClient5-0x75 ole32+0x3b5ed @ 0x746fb5ed CoRegisterMessageFilter+0x4b79 ObjectStublessClient5-0x4f0 ole32+0x3b172 @ 0x746fb172 CoRegisterMessageFilter+0x4075 ObjectStublessClient5-0xff4 ole32+0x3a66e @ 0x746fa66e ObjectStublessClient31+0x2961c STGMEDIUM_UserUnmarshal-0x92 ole32+0xba68c @ 0x7477a68c ObjectStublessClient31+0x6776 STGMEDIUM_UserUnmarshal-0x22f38 ole32+0x977e6 @ 0x747577e6 OleCreateEmbeddingHelper+0x344 CreateFileMoniker-0x173b ole32+0x814b7 @ 0x747414b7 ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68 wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0 DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232 DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206 DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6 DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6 DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418 DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431 DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4 wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f4e15d7 wdCommandDispatch-0x367 winword+0x155d @ 0x2f4e155d BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x800706ba exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 2050348 registers.edi: 1953561104 registers.eax: 2050348 registers.ebp: 2050428 registers.edx: 0 registers.ebx: 6593372 registers.esi: 2147944122 registers.ecx: 1143957843	1	0	0

Application Crash

Process WINWORD.EXE with pid 2556 crashed

Time & API

Arguments

Status

Return

Repeated

__exception__

June 22, 2023, 9:42 a.m.

stacktrace:

RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad
OleCreateEmbeddingHelper+0x2a1 CreateFileMoniker-0x17de ole32+0x81414 @ 0x74741414
ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68
wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff
DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0
DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232
DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b
DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d
DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206
DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6
DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a
DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6
DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d
DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e
DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418
DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e
DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431
DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d
FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4
wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f4e15d7
wdCommandDispatch-0x367 winword+0x155d @ 0x2f4e155d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

__exception__

June 22, 2023, 9:42 a.m.

stacktrace:

RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x747fc8e2
CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x746f98ad
CoRegisterMessageFilter+0x5048 ObjectStublessClient5-0x21 ole32+0x3b641 @ 0x746fb641
CoRegisterMessageFilter+0x4ff4 ObjectStublessClient5-0x75 ole32+0x3b5ed @ 0x746fb5ed
CoRegisterMessageFilter+0x4b79 ObjectStublessClient5-0x4f0 ole32+0x3b172 @ 0x746fb172
CoRegisterMessageFilter+0x4075 ObjectStublessClient5-0xff4 ole32+0x3a66e @ 0x746fa66e
ObjectStublessClient31+0x2961c STGMEDIUM_UserUnmarshal-0x92 ole32+0xba68c @ 0x7477a68c
ObjectStublessClient31+0x6776 STGMEDIUM_UserUnmarshal-0x22f38 ole32+0x977e6 @ 0x747577e6
OleCreateEmbeddingHelper+0x344 CreateFileMoniker-0x173b ole32+0x814b7 @ 0x747414b7
ObjectStublessClient31+0x6af8 STGMEDIUM_UserUnmarshal-0x22bb6 ole32+0x97b68 @ 0x74757b68
wdGetApplicationObject+0x131f9 wdCommandDispatch-0x4c476 wwlib+0x394dff @ 0x72124dff
DllCanUnloadNow+0xbaf5e wwlib+0x9692a0 @ 0x726f92a0
DllCanUnloadNow+0x339ef0 wwlib+0xbe8232 @ 0x72978232
DllCanUnloadNow+0x54e0c9 wwlib+0xdfc40b @ 0x72b8c40b
DllCanUnloadNow+0x55865b wwlib+0xe0699d @ 0x72b9699d
DllCanUnloadNow+0x33bec4 wwlib+0xbea206 @ 0x7297a206
DllCanUnloadNow+0xbd684 wwlib+0x96b9c6 @ 0x726fb9c6
DllCanUnloadNow+0x215f8 wwlib+0x8cf93a @ 0x7265f93a
DllGetClassObject+0x2d9ac DllGetLCID-0x22ded4 wwlib+0x325f6 @ 0x71dc25f6
DllGetClassObject+0x5b213 DllGetLCID-0x20066d wwlib+0x5fe5d @ 0x71defe5d
DllGetClassObject+0x5a904 DllGetLCID-0x200f7c wwlib+0x5f54e @ 0x71def54e
DllCanUnloadNow+0x3200d6 wwlib+0xbce418 @ 0x7295e418
DllCanUnloadNow+0x2d334c wwlib+0xb8168e @ 0x7291168e
DllGetClassObject+0x157e7 DllGetLCID-0x246099 wwlib+0x1a431 @ 0x71daa431
DllGetClassObject+0x3b23 DllGetLCID-0x257d5d wwlib+0x876d @ 0x71d9876d
FMain+0x482 DllGetClassObject-0x266 wwlib+0x49e4 @ 0x71d949e4
wdCommandDispatch-0x2ed winword+0x15d7 @ 0x2f4e15d7
wdCommandDispatch-0x367 winword+0x155d @ 0x2f4e155d
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 2050348
registers.edi: 1953561104
registers.eax: 2050348
registers.ebp: 2050428
registers.edx: 0
registers.ebx: 6593372
registers.esi: 2147944122
registers.ecx: 1143957843

Creates (office) documents on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\~$rerereerererererererererereerererere##################ererererererer.doc

Creates hidden or system file (1 event)

Time & API	Arguments	Status	Return	Repeated
NtCreateFile June 22, 2023, 9:42 a.m.	create_disposition: 5 (FILE_OVERWRITE_IF) file_handle: 0x000003ec filepath: C:\Users\test22\AppData\Local\Temp\~$rerereerererererererererereerererere##################ererererererer.doc desired_access: 0x40100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_WRITE) file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$rerereerererererererererereerererere##################ererererererer.doc create_options: 4194400 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 2 (FILE_CREATED) share_access: 0 ()	1	0	0

RTF file has an unknown character set (1 event)

filetype_details

Rich Text Format data, version 1, unknown character set

filename

rererereerererererererererereerererere%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ererererererer.doc

Communicates with host for which no DNS query was performed (1 event)

host

45.81.39.192

File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)

Lionic	Trojan.MSOffice.Generic.4!c
DrWeb	Exploit.ShellCode.69
CAT-QuickHeal	Exp.RTF.Obfus.Gen
McAfee	RTFObfustream.c!8C694CF91420
Sangfor	Malware.Generic-RTF.Save.8d852815
Arcabit	Exploit.RTF-ObfsStrm.Gen
Cyren	CVE-2017-11882.E.gen!Camelot
Symantec	Exp.CVE-2017-11882!g2
ESET-NOD32	multiple detections
Avast	Other:Malware-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Exploit.MSOffice.Generic
BitDefender	Exploit.RTF-ObfsStrm.Gen
NANO-Antivirus	Exploit.Rtf.Heuristic-rtf.dinbqn
MicroWorld-eScan	Exploit.RTF-ObfsStrm.Gen
Tencent	Exp.Ole.CVE-2017-11882.a
Emsisoft	Exploit.RTF-ObfsStrm.Gen (B)
F-Secure	Heuristic.HEUR/Rtf.Malformed
VIPRE	Exploit.RTF-ObfsStrm.Gen
TrendMicro	HEUR_RTFMALFORM
McAfee-GW-Edition	BehavesLike.Trojan.mv
FireEye	Exploit.RTF-ObfsStrm.Gen
Sophos	Troj/RtfExp-EQ
Ikarus	Exploit.CVE-2017-11882
Avira	HEUR/Rtf.Malformed
Antiy-AVL	Trojan[Exploit]/OLE.CVE-2017-11882
Gridinsoft	Trojan.U.GuLoader.bot
Microsoft	Trojan:Script/Wacatac.B!ml
ZoneAlarm	HEUR:Exploit.MSOffice.Generic
GData	Exploit.RTF-ObfsStrm.Gen
Google	Detected
AhnLab-V3	RTF/Malform-A.Gen
Zoner	Probably Heur.RTFObfuscation
MAX	malware (ai score=89)
Fortinet	MSOffice/CVE_2017_11882.B!exploit
AVG	Other:Malware-gen [Trj]

rererereerererererererererereerererere%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ererererererer.doc

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All