Summary | ZeroBOX

photo340.exe

Emotet Gen1 Amadey UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) PE64 PE File OS Processor Check PE32 .NET EXE CAB DLL
Category Machine Started Completed
FILE s1_win7_x6403_us July 27, 2023, 10:24 a.m. July 27, 2023, 10:26 a.m.
Size 514.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f0c28816a58f907591e5e014e049024a
SHA256 6e22ff9b754474a7f3f48c2a3c56220bab09392c3c6befeb7e37e92172470b59
CRC32 FB28F566
ssdeep 12288:aMrBy90+O8FhnFGKNGBaJdxEDEGcKyIIzPa8BMd3:byBnbFGKNmSED7c1zC8yd3
PDB Path wextract.pdb
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
files.catbox.moe 108.181.20.35
IP Address Status Action
141.94.192.217 Active Moloch
108.181.20.35 Active Moloch
164.124.101.2 Active Moloch
77.91.124.47 Active Moloch
77.91.124.84 Active Moloch
77.91.68.248 Active Moloch
77.91.68.61 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 192.168.56.103:49179 -> 77.91.68.61:80 2027700 ET MALWARE Amadey CnC Check-In Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 77.91.68.61:80 2045751 ET MALWARE Win32/Amadey Bot Activity (POST) M2 A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49180 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49180 2046056 ET MALWARE Redline Stealer Activity (Response) A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49185 -> 77.91.68.61:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49190 -> 77.91.68.61:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.103:49181 -> 77.91.124.47:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 77.91.124.47:80 -> 192.168.56.103:49181 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49193 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 77.91.68.61:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.103:49198 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49201 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49198 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49203 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49211 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49215 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49205 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49222 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49236 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49243 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49247 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49248 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49220 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49267 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49269 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49269 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49270 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49272 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49221 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49284 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 192.168.56.103:49216 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 77.91.124.84:19071 -> 192.168.56.103:49197 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.103:49216 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49216 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49286 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49224 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49286 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49225 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49295 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49231 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49231 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 77.91.68.61:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.103:49235 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49235 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49336 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49230 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49237 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49239 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49246 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49239 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49249 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49340 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49249 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49274 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49218 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49181 -> 77.91.124.47:80 2017598 ET MALWARE Possible Kelihos.F EXE Download Common Structure A Network Trojan was detected
TCP 192.168.56.103:49274 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49219 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49276 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49207 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49356 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49244 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49279 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49369 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49209 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49245 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49280 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49252 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49370 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49283 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 77.91.124.84:19071 -> 192.168.56.103:49197 2046056 ET MALWARE Redline Stealer Activity (Response) A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49254 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49254 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49259 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49374 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49374 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 192.168.56.103:49259 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49229 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49273 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49233 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49296 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49233 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49374 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49234 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49258 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49300 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49377 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49301 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49238 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49377 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49240 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49316 -> 77.91.68.61:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49316 -> 77.91.68.61:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49381 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 77.91.124.84:19071 -> 192.168.56.103:49229 2046056 ET MALWARE Redline Stealer Activity (Response) A Network Trojan was detected
TCP 192.168.56.103:49381 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 77.91.68.61:80 -> 192.168.56.103:49316 2014819 ET INFO Packed Executable Download Misc activity
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49387 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49255 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49255 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49404 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49321 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80 2019714 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49321 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49263 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49263 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 77.91.68.61:80 -> 192.168.56.103:49316 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 77.91.68.61:80 -> 192.168.56.103:49316 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49412 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49288 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49412 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 77.91.68.61:80 -> 192.168.56.103:49316 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
TCP 192.168.56.103:49294 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49302 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49414 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49414 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49338 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49323 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49343 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49421 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49323 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49326 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49423 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49354 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49327 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49434 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49359 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49435 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49359 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49330 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49331 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49332 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49444 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49347 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49450 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49349 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49455 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49457 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49457 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49379 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49462 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49385 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49389 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49362 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49389 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 77.91.124.47:80 -> 192.168.56.103:49181 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49367 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49299 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49400 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49400 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49304 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49308 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49405 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49311 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49311 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49313 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49317 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49319 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49466 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49264 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49495 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49265 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49275 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49278 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49499 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49281 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49500 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49289 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49290 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49503 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49292 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49416 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49503 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49297 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49297 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49298 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49506 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49506 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49306 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49306 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49307 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49315 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49427 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49318 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49437 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49437 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49335 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49446 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49346 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49458 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49348 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49320 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49351 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49351 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49352 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49341 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49342 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49196 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 77.91.68.248:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49463 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49471 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49474 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49476 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49481 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49361 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49361 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49345 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49502 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49376 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49355 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49507 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49373 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49375 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49363 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49376 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49392 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49363 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49378 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49382 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49378 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49409 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49419 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49419 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49199 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49429 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49199 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49383 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49430 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49388 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49436 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49396 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 77.91.68.248:80 -> 192.168.56.103:49194 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 77.91.68.248:80 -> 192.168.56.103:49194 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 77.91.68.248:80 -> 192.168.56.103:49194 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49408 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49440 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49411 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49445 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49438 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49447 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49200 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49448 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49459 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49449 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49465 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49467 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49467 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49468 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49468 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49460 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49461 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49383 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49200 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49390 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49473 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49464 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49469 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49469 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49475 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49475 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49488 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49489 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49480 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49482 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49398 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49483 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49403 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49491 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49410 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49493 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49415 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49420 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49494 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49497 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49428 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49498 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49432 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49432 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49433 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49441 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49442 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49443 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49456 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49472 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49492 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49496 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49501 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49504 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49505 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49206 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49208 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49217 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49223 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49227 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49232 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49241 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49242 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49251 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49253 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49256 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49260 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49261 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49262 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49266 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49271 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49277 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49282 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49285 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49287 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49293 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49305 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49309 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49310 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49312 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49314 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49329 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49333 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49339 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49344 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49353 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49357 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49358 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49386 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49391 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49397 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49399 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49401 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49402 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49406 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49413 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49418 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49431 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49452 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49453 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49478 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49479 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49484 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49486 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49490 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49374 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49243 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443 2038639 ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI) Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: SUCCESS: The scheduled task "pdates.exe" has successfully been created.
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: A
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: y
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Y
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: N
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: p
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: c
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: d
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: f
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: i
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: l
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: p
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: c
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: d
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: f
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: i
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: l
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: A
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: y
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00575638
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00575638
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0058e6c8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0058e6c8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0058e6c8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0058e6c8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00572688
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00572688
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00572688
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00572688
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00572688
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x005a7660
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x005a7660
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x005a7860
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x005a7f60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x005a7f60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x005a7e20
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0055b968
flags: 0
crypto_export_handle: 0x00000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ím=®–o£c¼sRH¿Ûf*6rð~¼F#H•N
crypto_handle: 0x0055b968
flags: 0
crypto_export_handle: 0x00000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035bef8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035bef8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035bef8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035bef8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035be78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035be78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035be78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035be78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035be78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035be78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035be78
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035bf38
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035bf38
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035c0f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035c838
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035c838
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0035c6f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b068
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b068
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b068
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b068
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b028
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b028
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b028
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b028
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b028
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b028
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b028
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b0a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b0a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0043b268
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
pdb_path wextract.pdb
file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file C:\Program Files\Mozilla Firefox\firefox.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
resource name AVI
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x8cd2d1
0x8cd0d3
0x8c7ad8
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8cd408
registers.esp: 1829492
registers.edi: 1829544
registers.eax: 0
registers.ebp: 1829556
registers.edx: 5581096
registers.ebx: 1830988
registers.esi: 38339056
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bc88bc
0x4bc8152
0x4bc8025
0x4bc68db
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828020
registers.edi: 1828364
registers.eax: 0
registers.ebp: 1828028
registers.edx: 0
registers.ebx: 1830988
registers.esi: 39230036
registers.ecx: 40356332
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bc88bc
0x4bc8152
0x4bc803d
0x4bc68db
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828020
registers.edi: 1828364
registers.eax: 0
registers.ebp: 1828028
registers.edx: 0
registers.ebx: 1830988
registers.esi: 39230036
registers.ecx: 37981484
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bc88bc
0x4bc8152
0x4bc803d
0x4bc68db
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828020
registers.edi: 1828364
registers.eax: 0
registers.ebp: 1828028
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37966524
registers.ecx: 39217048
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bcd45e
0x4bccd19
0x4bc8025
0x4bc6bc4
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1827996
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828004
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37966524
registers.ecx: 40525888
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bcd45e
0x4bccd19
0x4bc803d
0x4bc6bc4
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1827996
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828004
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37966524
registers.ecx: 41872640
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bcd45e
0x4bccd19
0x4bc803d
0x4bc6bc4
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1827996
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828004
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37966524
registers.ecx: 43219392
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bcdd8a
0x4bcd731
0x4bc8025
0x4bc6cdc
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828048
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828056
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37966524
registers.ecx: 38493424
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bcdd8a
0x4bcd731
0x4bc803d
0x4bc6cdc
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828048
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828056
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37944368
registers.ecx: 39887360
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bcdd8a
0x4bcd731
0x4bc803d
0x4bc6cdc
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828048
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828056
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37944368
registers.ecx: 41281008
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bce49c
0x4bcdef9
0x4bc8025
0x4bc6de2
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828080
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828088
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37944368
registers.ecx: 42674792
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bce49c
0x4bcdef9
0x4bc803d
0x4bc6de2
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828080
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828088
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37944368
registers.ecx: 39229088
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bce49c
0x4bcdef9
0x4bc803d
0x4bc6de2
0x4bc5a71
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828080
registers.edi: 1828388
registers.eax: 0
registers.ebp: 1828088
registers.edx: 0
registers.ebx: 1830988
registers.esi: 37944368
registers.ecx: 40625360
1 0 0

__exception__

stacktrace:
0x4bcc950
0x4bcf823
0x4bcedce
0x4bc5ac9
0x8cd9ff
0x8c7c1d
0x8c72d3
0x8c3c6b
0x8c35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4bcc993
registers.esp: 1828900
registers.edi: 1829164
registers.eax: 0
registers.ebp: 1828908
registers.edx: 0
registers.ebx: 1830988
registers.esi: 41194268
registers.ecx: 41201244
1 0 0

__exception__

stacktrace:
0x82d1b9
0x82cfbb
0x827ad8
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x82d2f0
registers.esp: 2944916
registers.edi: 2944968
registers.eax: 0
registers.ebp: 2944980
registers.edx: 3352872
registers.ebx: 2946412
registers.esi: 40040076
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x49bb588
0x49b74f4
0x49b6d8a
0x49b6c5d
0x49b5513
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943444
registers.edi: 2943788
registers.eax: 0
registers.ebp: 2943452
registers.edx: 0
registers.ebx: 2946412
registers.esi: 40820760
registers.ecx: 41947236
1 0 0

__exception__

stacktrace:
0x49bb588
0x49b74f4
0x49b6d8a
0x49b6c75
0x49b5513
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943444
registers.edi: 2943788
registers.eax: 0
registers.ebp: 2943452
registers.edx: 0
registers.ebx: 2946412
registers.esi: 40820760
registers.ecx: 43251928
1 0 0

__exception__

stacktrace:
0x49bb588
0x49b74f4
0x49b6d8a
0x49b6c75
0x49b5513
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943444
registers.edi: 2943788
registers.eax: 0
registers.ebp: 2943452
registers.edx: 0
registers.ebx: 2946412
registers.esi: 40820760
registers.ecx: 40704552
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bc096
0x49bb951
0x49b6c5d
0x49b57fc
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943420
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943428
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39641992
registers.ecx: 42013392
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bc096
0x49bb951
0x49b6c75
0x49b57fc
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943420
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943428
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39641992
registers.ecx: 43360144
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bc096
0x49bb951
0x49b6c75
0x49b57fc
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943420
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943428
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39641992
registers.ecx: 44779480
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bc9c2
0x49bc369
0x49b6c5d
0x49b5914
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943472
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943480
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39641992
registers.ecx: 39878352
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bc9c2
0x49bc369
0x49b6c75
0x49b5914
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943472
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943480
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39620428
registers.ecx: 41272288
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bc9c2
0x49bc369
0x49b6c75
0x49b5914
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943472
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943480
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39620428
registers.ecx: 42665936
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bd0d4
0x49bcb31
0x49b6c5d
0x49b5a1a
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943504
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943512
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39620428
registers.ecx: 44059720
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bd0d4
0x49bcb31
0x49b6c75
0x49b5a1a
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943504
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943512
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39620428
registers.ecx: 40841184
1 0 0

__exception__

stacktrace:
0x49bb588
0x49bd0d4
0x49bcb31
0x49b6c75
0x49b5a1a
0x49b46a9
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2943504
registers.edi: 2943812
registers.eax: 0
registers.ebp: 2943512
registers.edx: 0
registers.ebx: 2946412
registers.esi: 39620428
registers.ecx: 42237456
1 0 0

__exception__

stacktrace:
0x49bb588
0x49be45b
0x49bda06
0x49b4701
0x82d9ff
0x827c1d
0x8272d3
0x823c6b
0x8235d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x49bb5cb
registers.esp: 2944324
registers.edi: 2944588
registers.eax: 0
registers.ebp: 2944332
registers.edx: 0
registers.ebx: 2946412
registers.esi: 42806364
registers.ecx: 42813340
1 0 0

__exception__

stacktrace:
0x7bd391
0x7bd193
0x7b7ad8
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7bd4c8
registers.esp: 3598292
registers.edi: 3598344
registers.eax: 0
registers.ebp: 3598356
registers.edx: 4273040
registers.ebx: 3599788
registers.esi: 38470868
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x469cfa8
0x4698f0c
0x46987a2
0x4698675
0x4696f2b
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596820
registers.edi: 3597164
registers.eax: 0
registers.ebp: 3596828
registers.edx: 0
registers.ebx: 3599788
registers.esi: 39400592
registers.ecx: 40526876
1 0 0

__exception__

stacktrace:
0x469cfa8
0x4698f0c
0x46987a2
0x469868d
0x4696f2b
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596820
registers.edi: 3597164
registers.eax: 0
registers.ebp: 3596828
registers.edx: 0
registers.ebx: 3599788
registers.esi: 39400592
registers.ecx: 38117976
1 0 0

__exception__

stacktrace:
0x469cfa8
0x4698f0c
0x46987a2
0x469868d
0x4696f2b
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596820
registers.edi: 3597164
registers.eax: 0
registers.ebp: 3596828
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38103016
registers.ecx: 39353528
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469dab6
0x469d371
0x4698675
0x4697214
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596796
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596804
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38103016
registers.ecx: 40662368
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469dab6
0x469d371
0x469868d
0x4697214
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596796
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596804
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38103016
registers.ecx: 42009120
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469dab6
0x469d371
0x469868d
0x4697214
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596796
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596804
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38103016
registers.ecx: 43355872
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469e3e2
0x469dd89
0x4698675
0x469732c
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596848
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596856
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38103016
registers.ecx: 38652092
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469e3e2
0x469dd89
0x469868d
0x469732c
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596848
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596856
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38102956
registers.ecx: 40046016
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469e3e2
0x469dd89
0x469868d
0x469732c
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596848
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596856
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38102956
registers.ecx: 41439664
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469eaf4
0x469e551
0x4698675
0x4697432
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596880
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596888
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38102956
registers.ecx: 42833448
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469eaf4
0x469e551
0x469868d
0x4697432
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596880
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596888
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38102956
registers.ecx: 39387768
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469eaf4
0x469e551
0x469868d
0x4697432
0x46960c1
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3596880
registers.edi: 3597188
registers.eax: 0
registers.ebp: 3596888
registers.edx: 0
registers.ebx: 3599788
registers.esi: 38102956
registers.ecx: 40784040
1 0 0

__exception__

stacktrace:
0x469cfa8
0x469fe7b
0x469f426
0x4696119
0x7bd9ff
0x7b7c1d
0x7b72d3
0x7b3c6b
0x7b35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x469cfeb
registers.esp: 3597700
registers.edi: 3597964
registers.eax: 0
registers.ebp: 3597708
registers.edx: 0
registers.ebx: 3599788
registers.esi: 41352948
registers.ecx: 41359924
1 0 0
suspicious_features POST method with no referer header, POST method with no useragent header, Connection to IP address suspicious_request POST http://77.91.68.61/rock/index.php
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.124.47/new/foto5566.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.124.47/new/fotod250.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.124.47/anon/an.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.68.248/fuzz/raman.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.68.61/rock/Plugins/cred64.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.68.61/rock/Plugins/clip64.dll
request POST http://77.91.68.61/rock/index.php
request GET http://77.91.124.47/new/foto5566.exe
request GET http://77.91.124.47/new/fotod250.exe
request GET http://77.91.124.47/anon/an.exe
request GET http://77.91.68.248/fuzz/raman.exe
request GET http://77.91.68.61/rock/Plugins/cred64.dll
request GET http://77.91.68.61/rock/Plugins/clip64.dll
request POST http://77.91.68.61/rock/index.php
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74011000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fe1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74011000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fb1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2124
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74011000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2124
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fe1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef4033000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 2162688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000001fe0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002170000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3c2a000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3545000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3591000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3c2b000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 720896
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000590000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000005c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3592000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3594000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3594000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3594000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3594000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff00000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93dea000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93e9c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93ec6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93ea0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93dfc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef1ed6000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefe52d000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93f10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93f11000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93e0b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93e3c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93e0d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93dfa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2172
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93f12000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW

number_of_free_clusters: 2425381
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2425381
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2425247
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2425247
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2425178
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2425178
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2424148
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2424148
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2424045
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2424045
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2423788
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2423788
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2423685
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 2423685
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\g2474962.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\v7696680.exe
file C:\Users\test22\AppData\Local\Temp\IXP004.TMP\k7404811.exe
file C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
file C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y3938954.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\x2150544.exe
file C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n6056764.exe
file C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
file C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\j6120486.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ohcompetitive.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\c0646653.exe
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\h0472691.exe
file C:\Users\test22\AppData\Local\Temp\IXP004.TMP\l7621037.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\v7318670.exe
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\a7207637.exe
file C:\Users\test22\AppData\Local\Temp\1000011051\an.exe
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\b6358658.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ohcompettitive.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\d4021112.exe
cmdline "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
cmdline C:\Windows\system32\cmd.exe /S /D /c" echo Y"
cmdline "C:\Windows\System32\regsvr32.exe" -U -S K1heT.2
cmdline regsvr32.exe -U -S K1heT.2
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
file C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe
file C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
file C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
file C:\Users\test22\AppData\Local\Temp\1000011051\an.exe
file C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ohcompetitive.exe
file C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
file C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe
file C:\Users\test22\AppData\Local\Temp\k1het.2
file C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
file C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: SCHTASKS
parameters: /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
filepath: SCHTASKS
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: cmd
parameters: /k echo Y|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit
filepath: cmd
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\1000011051\an.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\1000011051\an.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: rundll32.exe
parameters: C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
filepath: rundll32.exe
1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2060
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 49152
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x02581000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 1158
family: 0
1 0 0
Time & API Arguments Status Return Repeated

InternetReadFile

buffer: MZÿÿ¸@ິ Í!¸LÍ!This program cannot be run in DOS mode. $×â%‡“ƒKԓƒKԓƒKÔöåNՒƒKÔöåHՒƒKÔöåOՇƒKÔöåJՂƒKԓƒJÔ ƒKÔöåC՚ƒKÔöå´Ô’ƒKÔöåIՒƒKÔRich“ƒKÔPELâ`bà  d®`j€@ `ìÞ@Á Œ¢´À¼PˆT@ ˆ.textcd `.dataH€h@À.idataR j@@.rsrcÀ|@@.relocˆP @B‚@P‚@¤€@p@ˆ¢@È@u j@°i@@o@àÀ012P4ð4B€IPJÐJ`KÀK LÀLÐLàO€cÀc`g°i j`jàlðn@oppr radvapi32.dllCheckTokenMembership" .INF[]RebootAdvancedINFVersionsetupx.dllsetupapi.dll.BATSeShutdownPrivilegeadvpack.dllDelNodeRunDLL32*...wininit.ini%luSoftware\Microsoft\Windows\CurrentVersion\App Paths\Kernel32.dllHeapSetInformationTITLEEXTRACTOPTINSTANCECHECKVERCHECKDecryptFileALICENSE<None>REBOOTSHOWWINDOWADMQCMDUSRQCMDRUNPROGRAMPOSTRUNPROGRAMFINISHMSGLoadString() Error. Could not load string resource.CABINETFILESIZESPACKINSTSPACEUPROMPTIXP%03d.TMPIXPi386mipsalphappcA:\msdownld.tmpTMP4351$.TMPRegServerUPDFILE%luControl Panel\Desktop\ResourceLocaleâ`b%ttâ`b Øœœâ`bprRSDSºÍã÷æÎÍú1‚ òïåwextract.pdbGCTL¬.rdata$brc¬.CRT$XCA°.CRT$XCAA´.CRT$XCZ¸.CRT$XIA¼.CRT$XIAAÀ.CRT$XIYÄ.CRT$XIZÈx.gfids@0.rdatap.rdata$sxdatat .rdata$zzzdbg€8\.text$mn¸r\.xdata$x€à.dataàh.bss ˆ.idata$5ˆ¢.00cfgŒ¢ .idata$2,£.idata$3@£ˆ.idata$4È¥Š .idata$6À.rsrc$01Ä ‰.rsrc$02‹ÿU‹ì3À…Òtúÿÿÿv¸W€…Àx QÿuQèÛë…ÒtÆ]‹ÿU‹ìSVW3ÿ»W€‹÷…Òtúÿÿÿv‹ó…öx?‹ò‹Á…Òt €8t@ƒîuõ‹þ‹Â÷Þö+ǁæ©ÿøó÷ßÿ#ø…öxQÿu+×QÏèn‹ð_‹Æ^[]‹ÿU‹ì‹E V3ö…Àt=ÿÿÿv¾W€…öx5S‹]3öWxÿEPÿuWSÿ|¢@ƒÄ…Àx;Çwu ë¾z€Æ_[ë …Àt‹MÆ‹Æ^]ËÿU‹ì…Òt&‹E SV¾þÿÿ+Á…ötŠ„Ût ˆANƒêuì^[…ÒuI÷ÚÆҁâ†ÿø‚z€] ‹ÿU‹ì9Mr‹Eº+Á;Âw+M ë3À]‹ÿU‹ìƒì¡€@3ʼnEüSVW3ÀfÇEø‹ñ‰EôhD@‰uè‹Øÿx @‹ø…ÿtjhT@Wÿœ @‰Eð…ÀtP3ɍEìPQQQQQQh j jEô‰PCÿ$ @…Àt*‹Mð‹ôÿuèÿuìjÿˆ¢@ÿUð;ôt¹Í)ÿuìÿ @Wÿ¬ @‹Mü‹Ã_^3Í[èAT‹å]ËÿU‹ìƒì¡€@3ʼnEü¡(@SWj3ÛfÇEø_‰]ô‰]ð;Ç…ôMðèÿÿÿ…À…ӍEèPjÿ¡@Pÿ @…À„ɍEìPSSWÿuèÿ @…À…’ÿl @ƒøz…ƒVÿuìSÿP¡@‹ð…ötqEìPÿuìVWÿuèÿ @…ÀtTEäPSSSSSSh j WEôPÿ$ @…Àt49v'~ÿuäÿ7ÿ, @…Àu CƒÇ;réë 3À@£(@‰Eðÿuäÿ @Vÿ¤ @^ÿuèÿˆ @‹Eðë‹Eð…Àt Ç(@‹Mü_3Í[è S‹å]ÃÌÌÌÌÌÌ̋ÿU‹ìì¡€@3ʼnEü‹E V‹u-t!ƒèu‹UŠÃ÷ÿÿƒùw RVÿà¡@ëP3ÀëOÿÌ¡@‹Ð‹Îè)h…üýÿÿƅüýÿÿPÿuÿ5<š@ÿè¡@…üýÿÿPh?VÿÔ¡@jÿÿÜ¡@3À@‹Mü3Í^èbR‹å]‹ÿU‹ìQS‹Á‹ÚVW‰Eü3ÿ‹0ë€>tFf¾‹ËèÔK…Àuë‹Eüf¾‰0ë3Àë#€<7tGf¾7‹Ëè®K…Àté7€8tÆ@_^[‹å]ËÿU‹ìì¡€@3ʼnEü‹EºSV‹Ù‰…èùÿÿ‹E ôýÿÿWS‰…ìùÿÿè[ûÿÿ€½ôýÿÿ"u ºl@…õýÿÿë ºp@…ôýÿÿðùÿÿ‰…ðùÿÿè-ÿÿÿ‹µðùÿÿ‹ø…öt<‹ÎQŠA„Àuù+ʃùr)ŠF<:u€~\t €>\u<\uVºøþÿÿèãúÿÿë(Qhä‘@QºøþÿÿèËûÿÿVºøþÿÿèÃIj.Z‹Îè÷J…À„šjÿht@jÿPjjÿh @Hƒè…|…øþÿÿPÿ
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZÿÿ¸@ິ Í!¸LÍ!This program cannot be run in DOS mode. $×â%‡“ƒKԓƒKԓƒKÔöåNՒƒKÔöåHՒƒKÔöåOՇƒKÔöåJՂƒKԓƒJÔ ƒKÔöåC՚ƒKÔöå´Ô’ƒKÔöåIՒƒKÔRich“ƒKÔPELâ`bà  d°`j€@ pq¨@Á Œ¢´ÀP‘`ˆT@ ˆ.textcd `.dataH€h@À.idataR j@@.rsrc À’|@@.relocˆ` @B‚@P‚@¤€@p@ˆ¢@È@u j@°i@@o@àÀ012P4ð4B€IPJÐJ`KÀK LÀLÐLàO€cÀc`g°i j`jàlðn@oppr radvapi32.dllCheckTokenMembership" .INF[]RebootAdvancedINFVersionsetupx.dllsetupapi.dll.BATSeShutdownPrivilegeadvpack.dllDelNodeRunDLL32*...wininit.ini%luSoftware\Microsoft\Windows\CurrentVersion\App Paths\Kernel32.dllHeapSetInformationTITLEEXTRACTOPTINSTANCECHECKVERCHECKDecryptFileALICENSE<None>REBOOTSHOWWINDOWADMQCMDUSRQCMDRUNPROGRAMPOSTRUNPROGRAMFINISHMSGLoadString() Error. Could not load string resource.CABINETFILESIZESPACKINSTSPACEUPROMPTIXP%03d.TMPIXPi386mipsalphappcA:\msdownld.tmpTMP4351$.TMPRegServerUPDFILE%luControl Panel\Desktop\ResourceLocaleâ`b%ttâ`b Øœœâ`bprRSDSºÍã÷æÎÍú1‚ òïåwextract.pdbGCTL¬.rdata$brc¬.CRT$XCA°.CRT$XCAA´.CRT$XCZ¸.CRT$XIA¼.CRT$XIAAÀ.CRT$XIYÄ.CRT$XIZÈx.gfids@0.rdatap.rdata$sxdatat .rdata$zzzdbg€8\.text$mn¸r\.xdata$x€à.dataàh.bss ˆ.idata$5ˆ¢.00cfgŒ¢ .idata$2,£.idata$3@£ˆ.idata$4È¥Š .idata$6À.rsrc$01Ä ‰.rsrc$02‹ÿU‹ì3À…Òtúÿÿÿv¸W€…Àx QÿuQèÛë…ÒtÆ]‹ÿU‹ìSVW3ÿ»W€‹÷…Òtúÿÿÿv‹ó…öx?‹ò‹Á…Òt €8t@ƒîuõ‹þ‹Â÷Þö+ǁæ©ÿøó÷ßÿ#ø…öxQÿu+×QÏèn‹ð_‹Æ^[]‹ÿU‹ì‹E V3ö…Àt=ÿÿÿv¾W€…öx5S‹]3öWxÿEPÿuWSÿ|¢@ƒÄ…Àx;Çwu ë¾z€Æ_[ë …Àt‹MÆ‹Æ^]ËÿU‹ì…Òt&‹E SV¾þÿÿ+Á…ötŠ„Ût ˆANƒêuì^[…ÒuI÷ÚÆҁâ†ÿø‚z€] ‹ÿU‹ì9Mr‹Eº+Á;Âw+M ë3À]‹ÿU‹ìƒì¡€@3ʼnEüSVW3ÀfÇEø‹ñ‰EôhD@‰uè‹Øÿx @‹ø…ÿtjhT@Wÿœ @‰Eð…ÀtP3ɍEìPQQQQQQh j jEô‰PCÿ$ @…Àt*‹Mð‹ôÿuèÿuìjÿˆ¢@ÿUð;ôt¹Í)ÿuìÿ @Wÿ¬ @‹Mü‹Ã_^3Í[èAT‹å]ËÿU‹ìƒì¡€@3ʼnEü¡(@SWj3ÛfÇEø_‰]ô‰]ð;Ç…ôMðèÿÿÿ…À…ӍEèPjÿ¡@Pÿ @…À„ɍEìPSSWÿuèÿ @…À…’ÿl @ƒøz…ƒVÿuìSÿP¡@‹ð…ötqEìPÿuìVWÿuèÿ @…ÀtTEäPSSSSSSh j WEôPÿ$ @…Àt49v'~ÿuäÿ7ÿ, @…Àu CƒÇ;réë 3À@£(@‰Eðÿuäÿ @Vÿ¤ @^ÿuèÿˆ @‹Eðë‹Eð…Àt Ç(@‹Mü_3Í[è S‹å]ÃÌÌÌÌÌÌ̋ÿU‹ìì¡€@3ʼnEü‹E V‹u-t!ƒèu‹UŠÃ÷ÿÿƒùw RVÿà¡@ëP3ÀëOÿÌ¡@‹Ð‹Îè)h…üýÿÿƅüýÿÿPÿuÿ5<š@ÿè¡@…üýÿÿPh?VÿÔ¡@jÿÿÜ¡@3À@‹Mü3Í^èbR‹å]‹ÿU‹ìQS‹Á‹ÚVW‰Eü3ÿ‹0ë€>tFf¾‹ËèÔK…Àuë‹Eüf¾‰0ë3Àë#€<7tGf¾7‹Ëè®K…Àté7€8tÆ@_^[‹å]ËÿU‹ìì¡€@3ʼnEü‹EºSV‹Ù‰…èùÿÿ‹E ôýÿÿWS‰…ìùÿÿè[ûÿÿ€½ôýÿÿ"u ºl@…õýÿÿë ºp@…ôýÿÿðùÿÿ‰…ðùÿÿè-ÿÿÿ‹µðùÿÿ‹ø…öt<‹ÎQŠA„Àuù+ʃùr)ŠF<:u€~\t €>\u<\uVºøþÿÿèãúÿÿë(Qhä‘@QºøþÿÿèËûÿÿVºøþÿÿèÃIj.Z‹Îè÷J…À„šjÿht@jÿPjjÿh @Hƒè…|…øþÿÿPÿ
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $DØþe¹6¹6¹6ҕ7¹6ғ7¹6Ҕ7¹6ґ7¹6¹‘6 ¹6Ҙ7 ¹6Òo6¹6Ғ7¹6Rich¹6PEd†øÄ®ð" |‚@ àéæ`Á <¢´ð$ÖàÐ šT(‘ .text€{| `.rdataÈ"$€@@.dataÀ¤@À.pdataà¨@@.rsrcàðØ®@@.reloc І@BÌÌÌÌÌÌÌÌE3ÉHBÿAºþÿÿA»W€I;ÂEGËE…ÉxGH…Òt"L+ÒL+ÁIH…ÀtAŠ„Àt ˆHÿÁHƒêuäH…ÒHAÿHEÁH÷ÚEÉA÷ÑAáz€ÆëH…ÒtÆA‹ÁÃÌÌÌÌÌÌÌÌÌÌE3ÉL‹ÒM‹ØH‹ÑA¸W€IBÿH=þÿÿEGÈE…Éx5I‹ÊH‹ÂM…Òt€8t HÿÀHƒéuòH‹ÁH÷ØEÉA÷ÑE#ÈH…ÉtM‹ÂL+ÁëE3ÀE…ÉxXI‹ÊII+Èt.H‹ÁMˆþÿÿI+ÂLÈL+ÚM…ÉtAŠ„ÀtˆIÿÉHÿÂHƒéuåH…ÉHBÿHEÂH÷ÙEÉA÷ÑAáz€ÆA‹ÁÃÌÌÌÌÌÌÌÌÌÌL‰D$L‰L$ SVWHƒì 3ÿHBÿH=þÿÿH‹ñ¹W€Gù…ÿx;HZÿH‹ÎH‹ÓLL$X3ÿHÿ˜„D…ÀxH˜H;Ãwu@ˆ<3ë@ˆ<3¿z€ëH…ÒtÆ‹ÇHƒÄ _^[ÃÌÌÌÌÌÌÌH‰\$H‰l$VWAVHì€H‹ ®H3ÄH‰D$pL‹ñfÇD$l3íH …‹ý‰l$hHÿ€DH‹ØH…À„šHð„H‹ÈHÿ.€DH‹ðH…ÀtmHD$`A‰.H‰D$PDE ‰l$HHL$h‰l$@}‰l$8A¹ ‰l$0²‰l$(‰l$ Hÿñ~D…Àt$H‹T$`M‹Æ3ÉH‹ÆÿµƒH‹L$`Hÿ¡~DH‹ËHÿÊD‹ÇH‹L$pH3Ìè¦qLœ$€I‹[(I‹k0I‹ãA^_^ÃÌÌÌÌÌÌÌÌÌÌH‹ÄH‰XH‰pH‰xL‰p UHh¡HìH‹ö¬H3ÄH‰EG‹-®E3öD‰u?fÇECD‰u'A^;Ã…’HM'è‡þÿÿ…À…hHÿŒ€DH‹ÈLE/SHÿæ}D…À„WH‹M/HE+E3ÉH‰D$ E3À‹ÓHÿ•}D…À…HÿY~Dƒøz…ë‹U+3ÉHÿ€DH‹øH…À„ÎD‹M+HE+H‹M/L‹Ç‹ÓH‰D$ Hÿ9}D…À„•HE7A¹ H‰D$PHM?D‰t$HA¸ D‰t$@ŠÓD‰t$8D‰t$0D‰t$(D‰t$ Hÿ4}D…ÀtLA‹öD97v4»H‹U7‹ÎHÉH‹LÏHÿ}D…Àuó;7rÜë ‰ά‰]'H‹M7Hÿ¼|DH‹ÏHÿÕ}DH‹M/Hÿ}D‹E'ë‹ ‘¬»‹E'…ÀEˉ ~¬H‹MGH3Ìè–oLœ$I‹[I‹sI‹{ M‹s(I‹ã]ÃÌÌÌÌÌÌÌÌÌH‰\$WHì0H‹ôªH3ÄH‰„$ I‹ùI‹ÀH‹Ùêt'ƒúuIÀÃ÷ÿÿIƒøwH‹ÐHÿôDëh3ÀëiHÿ €DH‹ÐH‹Ëèú6H‹ ûÈLD$ A¹ÆD$ ‹×Hÿ¢DLD$ º?H‹ËHÿ±DƒÉÿHÿ’D¸H‹Œ$ H3Ìè nH‹œ$HHÄ0_ÃÌÌÌÌÌÌÌH‰\$H‰l$H‰t$WHƒì H‹H‹òH‹ù3íë@8+tjHÿþH‹ÎèÌfH…Àuè¾H‹ÎH‰è¹fH…ÀuH‹û€?tHÿÇH‹ÎÿžèœfH…ÀtæHcÅHÀ8tÆHÿÀH‹\$0H‹l$8H‹t$@HƒÄ _ÃÌ3ÀëæÌÌÌÌÌÌÌÌH‰\$UVWATAUAVAWH¬$úÿÿHìpH‹^©H3ÄH‰…`L‹ñHEPM‹ÖHMPL+ÐM‹ùE3íM‹àºH‚úþÿH…ÀtAŠ „Àt ˆHÿÁHƒêuáH…ÒHAÿHEÁDˆ(€}P"u H#€HEQë H€HEPHL$0H‰D$0è»þÿÿH‹|$0HƒËÿH‹ðH…ÿtlH‹ÃHÿÀD8,u÷HƒørZŠG±\<:u8Ot8uH:ÁuDHD$@L‹ÇL+ÀHL$@ºH‚úþÿH…ÀtAŠ„Àt ˆHÿÁHƒêuáH…ÒHAÿHEÁDˆ(ëZA¹LY¾HD$@A‹ÑL+ÀHL$@H‚úþÿH…ÀtAŠ„Àt ˆHÿÁHƒêuáH…ÒHAÿL‹ÇA‹ÑHEÁHL$@Dˆ(è¤cº.H‹ÏèWeH…À„H ‰\$(ºH‰L$ D‹ËL‹ÀJ~Hÿ¹yDƒø…ÎHL$@Hÿ¯yDƒøÿ„ŒÁè÷Ѓà„~HÄ~H‰t$0HL$0è]ýÿÿH‹ÈH…Àt"D8)H§~H‹D$0HEÁHL$0H‰D$0è3ýÿÿº¹@Hÿ{DH‹ØH…À„ËH‹t$0H=E¨H‹ÏLL$@HV~D8.HEÎE3ÀHÿ•yDL‹ËAlj(¼Lá}HD$@H‰D$(H ~H )~ÇD$ HÿZyD…Àt5ƒ źD8.I‹ÎHEþL‹Çè›öÿÿLD$@ºH‹Ëè‰öÿÿéMƒ%ÙÄûfD9-åÄu%A¸HT$@HL$@L5¼}HÿEzDëL5·}D8.HD$@H‰D$(L§HEþM‹ÎºH‰|$ H‹Ëè^÷ÿÿéÞE3ÉLD$@º%D‰l$(3ÉÇD$ è¸33À鿺.H‹Ïè@cH…À„šHP}‰\$(H‰T$ D‹ËºL‹ÀJ~Hÿ¢wDƒøukH5ѦH‹ÃHÿÀD8,u÷HL$@HÿÃD8,u÷H<¹@HWHÿ3yDH‹ØH…ÀuE3ɺµE3ÀéNÿÿÿLL$@L‹ÆHWH‹Èè†öÿÿ鿹@‹×HÿêxDH‹ØH…Àt·HL$@HÿwDƒøÿt}¨uyLD$@‹×H…`L+ÀH`H‚þûÿH…ÀtBŠ„Àt ˆHÿÁHƒêuáH…ÒHAÿHEÁDˆ(H…ötmD8.thLÙ{H‹×H`èõÿÿL‹ÆH`H‹×èõÿÿë>H…`L+ðH•`H‡þûÿH…ÀtBŠ2„Àt ˆHÿÂHƒïuáH…ÿHJÿHEÊDˆ)L‹ÃDˆ+H‹ÓH`è›I‰$¸H‹`H3Ìè‡hH‹œ$¸HÄpA_A^A]A\
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $Ù=LF¸SF¸SF¸Sò$¢K¸Sò$ ˸Sò$¡^¸SÆîD¸SÆÃWU¸SÆÃPQ¸SÆÃVt¸SOÀÐM¸SOÀÀA¸SF¸RN¹SÈÃV`¸SÈÃSG¸SÈìG¸SÈÃQG¸SRichF¸SPELf¡¹dà !~à]@À@Á0*4d*P°øߐT)@T8³@,\ .text }~ `.rdata榐¨‚@@.data \@*@À.didatx :@À.rsrcøß°à<@@.relocT)*@BhOCè%ÃÌÌÌÌÌh ŒBè¯IYÃÌÌÌÌèèZ£8àCÃÌÌÌÌ̹HàCéUiÌÌÌÌÌ̹PåCèbßh°ŒBèuIYÃÌÌÌÌÌÌÌÌÌ̹øaFèéFhÀŒBèUIYÃÌÌÌÌÌÌÌÌÌ̹œ­EéÑÌÌÌÌÌ̹°­Eè¡)hЌBè%IYÃÌÌÌÌÌÌÌÌÌ̹Œ­Eè™FhàŒBèIYÃÌÌÌÌÌÌÌÌÌ̹®EèhðŒBèåHYÃÌÌÌÌÌÌÌÌÌÌhBèÏHYÃÌÌÌÌU‹ìì,EüVPÿ| F…Àu`‹E3ɉE܍…Ôýÿÿ‰Eä‹E ‰EèEÜP‰MàÇEìA‰Mð‰Môÿl F‹ð…öt)SÿuVÿp F‹Mü…ÀVQ•Ã‹‹r‹Îÿ,’Bÿ֊Ã[ë2À^ÉÂ̶D$ Pÿt$ ÿt$ ÿL¡FPÿH¡F ¶D$ ÷ØÀƒà Pÿt$ ÿt$ ÿL¡FPÿX¡F U‹ìƒ} 0tY} u]ŠE ¹°­E$¶ÀPÿuÿuè‡6öE t>ÿuÿ@¡F…Àt1h!0PÿL¡F…Àt!öE th„•BPÿD¡Fë ÿu¹°­Eè62À]ÂU‹ì‹E =rE PEPè`‹E PÿuèøCYY]¸—ŠBè÷CQV‹ñW‰uð觍Ž²èW3ÿŽ`²‰}üèøVŽ¼²ÆEüèéVŽ³ÆEüèÚVŽt³ÆEüèËVŽÐ³ÆEüè~D‰¾à³‰¾ä³‰¾è³‹ÎÆEü茋Mô‹Æ_^d‰ ÉÃ9tÿ1èk‘YÃéÅéèÿÿÿÁ³éW¸ èaCSUVWjjÿ´$( è{‹Œ$ ‹Øè·W½颍D$Pè˜%‹ð·Qè_$€¼$ t „Àt3Àf‰ë„ÀtUh€•BD$Pè›UjjD$‹ûPè‹ðfƒ>*u:·NQè$„Àt,j.Xj\f‰„$XUf‰„$„$SPèxU¼$ÿ´$( WVè„Àu'‹Œ$ D$UPè¡V„À…Dÿÿÿ_^][Ä °ëïU‹ìVjÿu‹ñÿuÿu †`²Pèàþÿÿ„Àt°ë,€}t$ƒ¾Ð²tjÿu†¼²ÿuÿu Pè²þÿÿ„ÀtÒ2À^]ÂV‹ñèõ3ÀŽ²f‰†â‘f‰†¢f‰†Ø‘‰†Ü‘ˆ†à‘è>VŽ`²è3VŽ¼²è(VŽ³èVŽt³èVŽÐ³è¿C‹†à³;†ä³t‰†ä³^ÃQQSUV‹t$(W‹ù…öt ƒ|$0v3Àf‰‹L$3ÛCSjŠéi(ˆD$‹Ïÿt$‰l$ Uèäþÿÿ„Àu4Ç²‹Ï‰|$è¯U‹Ïëÿt$$UW蔄Àu‹L$CèìT‹ø…ÿuá3À_^][YY‹l$ …ítÿt$Wè–S÷ØÀþÀˆE…öt ÿt$0WVè«S‹ÃëɋD$‹L$ƒ#‹‹Pü+ƒÀüƒøw‰ÂèPŽÌV‹ñƒ>t‹F+ƒàøPÿ6èIüÿÿ3À‰‰F‰F^ËT$V‹t$W‹|$…öt¶¶Â3ÈÁê3OCGƒîuè_‹Â^ V‹t$3À9Fu(Wj‹È_‹ÑÑêöÁ‹Êtñ ƒ¸íƒïuê‰ †@=rÚ_^ÂU‹ìƒìLM´ÿuèøM´èQ]ÉÂU‹ìƒìLM´ÿuèÛÿu E´PèaM´è(]ÉÂU‹ìƒìLM´ÿuè²ÿuE´ÿu PèPM´èü\É U‹ìƒìLM´ÿuè†ÿu E´PèLM´èÓ\É‹L$‹Q@ƒús ‹D$‹‰‘ÿA@‹L$‹Q@ƒús ‹D$‹‰‘ÿA@ÿt$ QèÃÿÿÿ ‹L$‹Q@ƒús ‹D$‰‘ÿA@Â3ÀÇA‰‰Af‰A ‹ÁÃVW‹ñ¸„•BjY‹þó«j 3ÿF WPèÒN‹D$ƒÄ ‰~@‰~D‰FH‹Æ_^ÂVD$‹ñPjèÐþÿÿj‹Îèä^Âj èÙ‹D$ÆÂV‹ñ€~ uè ÿt$ ÿt$ è$_„ÀuÆF ë2À^ÂV‹ñ€~ uD$Pj èrþÿÿ‹ÎèÐj‹Îè^ÂVD$ ‹ñPD$ Pj èsþÿÿ‹Îè¨j ‹ÎèW^Âé#U‹ììEPjÿu …øÿÿhP螃č…øÿÿPjèRþÿÿ‹MèZÉÃÿB…Àt$jÿt$ ÿt$ hPjhÿB…À•Àë2ÀÂV‹ñè j‹Îè¡^ÃVj‹ñè†ýÿÿj‹Îè·^ÃVD$ ‹ñPD$ Pjè­ýÿÿ‹Îèâj‹Îè‘ètX^Âÿt$jèÈÿÿÿÂVÿt$‹ñjè j ‹Îè8^ÂVD$ ‹ñPD$ Pj èWýÿÿ‹ÎèŒj ‹Îè;^Âÿt$jèÍÿÿÿÂV‹ñ€~ uD$Pj è÷üÿÿ‹ÎèUj‹ÎèÙ^‹T$‹Âƒètƒèt&ƒèt-üuƒ9u‰ÿAƒ9 tõÇëíƒ9tƒ9uãÇëہìD$hPè“þÿÿ„ÀtmSUVj [j t$]‰t$ W·f;Ãtf;ÅuƒÆëî‰t$f…Àt<SVè:Q‹øYY…ÿuUVè+Q‹øYY…ÿt3Àf‰ƒÇD$Pjè#üÿÿ‹÷‰t$…ÿu©_^][ÄÃU‹ìQV‹uþÿu €yu^ÉÂVè ÿÿÿh¤CEü‰uüPèxQ̍D$PD$Pj!èóûÿÿj¹œ­EèÛþÿÿÂVÿt$ ‹ñÿt$ è j‹Îè”ÿÿÿ^ÂVD$ ‹ñPD$ Pj è³ûÿÿ‹Îèèþÿÿj‹Îè—þÿÿ^¸oCÃU‹ìÿuÿuÿuÿu ÿuèãÿÿÿÿpÿ0誃ąÀyƒÈÿ]ÃIÿ3Àf‰A2ˆA ‰Af‰A‰4ˆA0f‰A$‰A‰A(‰A,‹ÁLj•BfÇAÆAÇA Ã3À‰‰‰‰‰ ‰$‹ÁÃU‹ìd¡jÿh£ŠBPd‰%ƒyÿLj•Bt€yu€ytè{ëèF‹Môd‰ ÉÃÌÌÌÌÌÌÌÌÌÌ
request_handle: 0x00cc000c
1 1 0

InternetReadFile

buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $,CyáCyáCyáâ~Iyáä~Ëyáå~Qyá–å~Lyá–â~Ryá–ä~byáà~FyáCyàyáØè~@yáØá~ByáØByáØã~ByáRichCyáPELÅl¾dà! ތ>ð°@ Jœ<K<€øT ?p?@ð,.textVÝÞ `.rdataîaðbâ@@.dataD` D@À.rsrcø€P@@.relocTR@Bj h¨<¹phè?#hêèŒ*YÃÌÌÌj8hÌ<¹ˆhè#h`êèl*YÃÌÌÌj8hÌ<¹ hèÿ"hÀêèL*YÃÌÌÌj8hÌ<¹¸hèß"h ëè,*YÃÌÌÌj8h=¹Ðhè¿"h€ëè *YÃÌÌÌj0hD=¹èhèŸ"hàëèì)YÃÌÌÌj0hx=¹iè"h@ìèÌ)YÃÌÌÌh€h°=¹iè\"h ìè©)YÃj?h€>¹0iè?"híèŒ)YÃÌÌ̋ÁÂÌÌÌÌÌÌÌÌÌÌÌU‹ìV‹ñWÀFPÇ”ñf֋EƒÀPèÂ2ƒÄ‹Æ^]ÂÌÌ̋I¸|<…ÉEÁÃÌÌU‹ìV‹ñFÇ”ñPèó2ƒÄöEt j Vè«%ƒÄ‹Æ^]AÇ”ñPèÉ2YÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌWÀ‹ÁfÖAÇA<ÇìñÃÌÌÌÌÌÌÌÌU‹ìƒì MôèÒÿÿÿhˆJEôPè›2ÌÌÌÌU‹ìV‹ñWÀFPÇ”ñf֋EƒÀPèò1ƒÄÇìñ‹Æ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìV‹ñWÀFPÇ”ñf֋EƒÀPè²1ƒÄÇ ñ‹Æ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìQS‹ZVWQS‹ñè‹=€h3É3À‰}ü…Û~53Ò;NjþEЃ=„h¸phCphƒ~r‹>ŠˆA‹}üB;Ë|˃~r‹_Æ‹Æ^[‹å]Ã_Æ‹Æ^[‹å]ÃÌÌÌÌÌU‹ìƒìSVW‹ò‹ùQ‰}ô‹FP‰Eðè“3ۉ]ø9]ðŽ)Dƒ~‹Ær‹¾Pè¯KƒÄ…Àu-‹N‹Æƒùr‹€< t‹Æƒùr‹ƒ‹Ïr‹Šé̃~‹Ær‹‹=@i3ҋ Di…ÿt+ŠˆEÿfDŠ]ÿƒù¸0iC0i8‹]øtB;×ráƒÊÿ‹E‹Èƒxr‹3À…ÿt.Š ˆMÿDƒ=Di¹0iŠ]ÿC 0i8‹]øt@;Çr݃Èÿƒ=Di¹0iC 0i‰Mì‹Mô‰Møƒyr‹ ‰Mø‹Ï+ȍ 3Ò÷÷‹Mì‹}ôŠ ‹MøˆC‰]ø;]ðŒÜþÿÿƒr‹Æ‹Ç_^[‹å]ÃÆ‹Ç_^[‹å]ÃÌÌÌÌÌÌÌÌÌÌU‹ìƒì@SVW‹Ù‹òQMĉ]ôèçýÿÿEċÖPMÜèYþÿÿhÇCÇCÆè°"‹Ø¹ƒÈÿ‰]ø‹ûƒÄ ó«3Ò„¾Š8>‰‹Bƒú@|ð‹Uì3ö3ۍ~ø…ÒtA‹Møƒ}ðEÜCEܾ‹ƒøÿt'ÁæðƒÇx‹Ï‹ÆÓø‹MôPè‹Uìƒï‹MøC;Úr‹Eø…ÀthPèð!ƒÄ‹Uðƒúr(‹MÜB‹Áúr‹IüƒÂ#+ÁƒÀüƒøwVRQèÀ!ƒÄ‹UØÇEìÇEðÆE܃úr(‹MÄB‹Áúr‹IüƒÂ#+ÁƒÀüƒøwRQè~!ƒÄ‹Eô_^[‹å]Ãè›GÌÌÌÌÌÌÌÌÌÌÌU‹ìƒì4‹E0SVW3ÿÆEè¾…À„‹]ÇEàÇEäÆEÐ;Ç‚´+ǍMÐ;ÃB؃}4E CE SÇPèƒþr.‹MèV‹Áúr‹IüƒÂ#+ÁƒÀüƒø‡hRQè× ƒÄMЃ}Uó~EàEèCUƒ}ä‹uà‹]f~ÉMèCÁfÖEø;óu\ƒîr‹; uƒÀƒÂƒîsïƒþü„îŠ: u7ƒþý„ߊH:Ju&ƒþþ„ΊH:Juƒþÿ„½Š@:B„±‹E0G‹uü;ø‚õþÿÿ3ÿ‹Uƒþr/‹MèF‹Áþr‹IüƒÆ#+ÁƒÀüƒø‡’VQè ‹UƒÄ‹Eƒør'H‹Âùr‹RüƒÁ#+ƒÀüƒøw`QRèσċU4ÇEÇEÆEƒúr3‹M B‹Áúr‹IüƒÂ#+ÁƒÀüƒøwë ‹uüGéWÿÿÿRQ肃ċÇ_^[‹å]Ãè Eè«ÌÌÌÌÌÌÌÌÌÌÌU‹ìQS‹]V‹ñ‰]üWjhÀ>ÇFÇFÆèD3ÿ…Û~1ƒ}ECEŠ8S¿C €ú¶È¶ÃGȶÁ‹ÎPèG;}ü|ϋUƒúr(‹MB‹Áúr‹IüƒÂ#+ÁƒÀüƒøwRQèуÄ_‹Æ^[‹å]ÃèïDÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìƒì0VWj$hÄ>MÐÇEàÇEäÆEÐè—‹E…Àu3öéÇ3ÿ…À„¸ÇEøÇEüÆEè;Ç‚F+ǹ;ÁBȃ}ECEQǍMèPèBƒìEЋÌPètƒìEè‹ôƒì‹ÌPèa‹ÎèªþÿÿƒÄè¢üÿÿ‹UüƒÄ0…À„šƒúr,‹MèB‹Áúr‹IüƒÂ#+ÁƒÀüƒø‡¹RQèǃċEG;ø‚Hÿÿÿ¾‹Uäƒúr(‹MÐB‹Áúr‹IüƒÂ#+ÁƒÀüƒøwxRQ膃ċUƒúr^‹MB‹ÁúrF‹IüƒÂ#+ÁƒÀüƒøwHë4ƒúr(‹MèB‹Áúr‹IüƒÂ#+ÁƒÀüƒøw#RQè1ƒÄ3öétÿÿÿRQè ƒÄ_‹Æ^‹å]Ãè?CèJÌÌÌÌÌÌÌÌÌÌU‹ìQ‹E‹U‹MV…À„‚S@WPè] ƒÄMƒ}‹Ø‹ÓCM+ъIˆD ÿ„Àuó‹óNŠF„Àuù+ñFVjÿðV‹øSWÿðPèÇ5ƒÄ WÿðjÿñÿñWjÿñÿ ñ‹U‹M_[^ƒúr%B‹Áúr‹IüƒÂ#+ÁƒÀüƒøwRQèAƒÄ‹å]ÃèdBÌÌÌÌU‹ìƒì$SVW‹ùjÇGÇGÆÿñ…À„‡j ÿ$ñ‹Ø‰]ü…Û„lSÿð‰Eô…À„SjjjjjÿPjhéýÿ ð‹ð‰uø…öŽ.‹WN;Êw‰O‹Çƒr‹ÆëF‹G‹Ù+Ú+Â;Øw%ƒ‹Ç‰Or‹S4jVèE,ÆƒÄ ‹uøëQSÆEø‹ÏÿuøS訋]üƒ‹Çr‹jjVPjÿÿuô
request_handle: 0x00cc000c
1 1 0
section {u'size_of_data': u'0x00078400', u'virtual_address': u'0x0000c000', u'entropy': 7.874881807840722, u'name': u'.rsrc', u'virtual_size': u'0x00079000'} entropy 7.87488180784 description A section with a high entropy has been found
entropy 0.936708860759 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
Time & API Arguments Status Return Repeated

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x000003a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

regkey_r: 7-Zip
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1 0 0

RegOpenKeyExW

regkey_r: AddressBook
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

regkey_r: Adobe AIR
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExW

regkey_r: Connection Manager
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

regkey_r: DirectDrawEx
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

regkey_r: EditPlus
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

regkey_r: Fontcore
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

regkey_r: Google Chrome
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

regkey_r: Haansoft HWord 80 Korean
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

regkey_r: IE40
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

regkey_r: IE4Data
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

regkey_r: IE5BAKEX
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

regkey_r: IEData
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

regkey_r: MobileOptionPack
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

regkey_r: Mozilla Thunderbird 78.4.0 (x86 ko)
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
1 0 0

RegOpenKeyExW

regkey_r: Office15.PROPLUSR
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR
1 0 0

RegOpenKeyExW

regkey_r: SchedulingAgent
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

regkey_r: WIC
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

regkey_r: {00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExW

regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

regkey_r: {26A24AE4-039D-4CA4-87B4-2F32180131F0}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
1 0 0

RegOpenKeyExW

regkey_r: {4A03706F-666A-4037-7777-5F2748764D10}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
1 0 0

RegOpenKeyExW

regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0015-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0016-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0018-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0019-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001A-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001B-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001F-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001F-040C-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-001F-0C0A-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-002C-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0044-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-006E-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0090-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-00A1-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-00E1-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-00E2-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0115-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-0117-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90150000-012B-0409-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {91150000-0011-0000-0000-0000000FF1CE}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExW

regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0

RegOpenKeyExW

regkey_r: {AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}
1 0 0

RegOpenKeyExW

regkey_r: {BB8B979E-E336-47E7-96BC-1031C1B94561}
base_handle: 0x000003a8
key_handle: 0x000003ac
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
1 0 0
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
wmi SELECT * FROM Win32_Processor
host 141.94.192.217
host 77.91.124.47
host 77.91.124.84
host 77.91.68.248
host 77.91.68.61
file C:\ProgramData\AVAST Software
file C:\ProgramData\Avira
file C:\ProgramData\Kaspersky Lab
file C:\ProgramData\Panda Security
file C:\ProgramData\Bitdefender
file C:\ProgramData\AVG
file C:\ProgramData\Doctor Web
Time & API Arguments Status Return Repeated

ControlService

service_handle: 0x000000001a90ce50
service_name: None
control_code: 1
0 0

ControlService

service_handle: 0x000000001a90d090
service_name: None
control_code: 1
0 0
Time & API Arguments Status Return Repeated

NtQuerySystemInformation

information_class: 8 (SystemProcessorPerformanceInformation)
1 0 0
description ohcompetitive.exe tried to sleep 2728223 seconds, actually delayed analysis time by 2728223 seconds
description pdates.exe tried to sleep 143 seconds, actually delayed analysis time by 143 seconds
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\foto5566.exe reg_value C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fotod250.exe reg_value C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\an.exe reg_value C:\Users\test22\AppData\Local\Temp\1000011051\an.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\raman.exe reg_value C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP003.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP004.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
Time & API Arguments Status Return Repeated

LdrGetDllHandle

module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0

LdrGetDllHandle

module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
file C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml
wmi SELECT * FROM AntivirusProduct
wmi SELECT * FROM Win32_VideoController
wmi SELECT * FROM Win32_OperatingSystem
wmi SELECT * FROM Win32_Process Where SessionId='1'
wmi SELECT * FROM AntiSpyWareProduct
wmi SELECT * FROM FirewallProduct
wmi SELECT * FROM Win32_DiskDrive
wmi SELECT * FROM Win32_Processor
Time & API Arguments Status Return Repeated

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java 8 Update 131
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java Auto Updater
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Access MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Excel MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft PowerPoint MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Publisher MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Outlook MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Word MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing Tools 2013 - English
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Outils de vérification linguistique 2013 de Microsoft Office - Français
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing Tools 2013 - Español
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft InfoPath MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft DCF MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft OneNote MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Groove MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OSM MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OSM UX MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared Setup Metadata MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Access Setup Metadata MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Lync MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Acrobat Reader DC MUI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000003ac
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java 8 Update 131
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000002c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java Auto Updater
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
1 0 0
cmdline "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit
cmdline cmd /k echo Y|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit
cmdline CACLS "..\925e7e99c5" /P "test22:R" /E
cmdline CACLS "..\925e7e99c5" /P "test22:N"
cmdline CACLS "pdates.exe" /P "test22:N"
cmdline CACLS "pdates.exe" /P "test22:R" /E
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection