http://192.227.183.170/mac/Khypvvnsqb.bmp
http://www.lastpartyofyear.com/my28/?2d=p0ujyCWbv7tSv6pBF6BUI0s+ls/Q9V6Q3hOA/098StHlUApBIDy7sCdi2rtFVzlEPonprgU5&2d54=eT8xe2NpinJd0BI

www.9969.voto()
www.lastpartyofyear.com(34.102.136.180)
192.227.183.170 - mailcious
34.102.136.180 - mailcious

ET HUNTING Suspicious Terse Request for .bmp
ET MALWARE FormBook CnC Checkin (GET)

http://www.higano-fe2.com/my28/?Ez=mcTUPOx97ZGy3B1+Y10xg/YclV7skAllQt7bmTx94Z4J9v14rMahHZ489fA1cRLy0Vm9O80A&lhuL=Sxo4ZRA
http://192.227.183.170/mac/Ynbhsuy.dll
http://www.49astleystreet.com/my28/?Ez=+VAUe4t+xmaF92noBAsndN56+z0GlyZ4xiIxgvDciribSLdsxv7/Rp1zqOY349oGooJSGIY2&lhuL=Sxo4ZRA

www.higano-fe2.com(34.117.168.233)
www.49astleystreet.com(52.147.15.202)
www.eoujkbvn.shop()
192.227.183.170
34.117.168.233 - mailcious
52.147.15.202 - mailcious

ET INFO Dotted Quad Host DLL Request
ET MALWARE FormBook CnC Checkin (GET)

192.3.215.60 - mailcious

http://www.kellnovaglobalfood.info/ar73/?AdpL7rd=i6BPGBhGSecaeynnAP1UBBwzioJGNNDALkJtoSYlBAMyqZ2EcpVAY4EIefV2+Ju4HrYELbkz&0pn=WHu8Jjf0PJ

www.kellnovaglobalfood.info(34.102.136.180)
www.quickhealcareltd.co.uk()
www.4652.voto()
192.3.215.60 - mailcious
34.102.136.180 - mailcious

ET MALWARE FormBook CnC Checkin (GET)