raw.githubusercontent.com(151.101.192.133) - malware
rootsec1.linkpc.net(172.111.213.60)
172.111.213.60 - suspicious
151.101.76.133 - suspicious

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)

194.147.115.117 - suspicious

ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
ET INFO Executable Download from dotted-quad Host
ET INFO AutoIt User Agent Executable Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

194.147.115.117 - suspicious

ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
ET INFO Executable Download from dotted-quad Host
ET INFO AutoIt User Agent Executable Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

194.147.115.117 - suspicious

ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
ET INFO Executable Download from dotted-quad Host
ET INFO AutoIt User Agent Executable Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response

194.147.115.117 - suspicious

ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
ET INFO Executable Download from dotted-quad Host
ET INFO AutoIt User Agent Executable Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile

194.147.115.117 - suspicious

ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
ET INFO Executable Download from dotted-quad Host
ET INFO AutoIt User Agent Executable Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile

http://fancy-yoron-0802.boyfriend.jp/ABW.exe
https://hastebin.com/raw/apafuxemog
https://hastebin.com/raw/geyeqisopu
https://hastebin.com/raw/ubatuvicif
https://hastebin.com/raw/amuxobebix

fancy-yoron-0802.boyfriend.jp(163.44.185.233)
swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu(192.253.246.142) - mailcious
hastebin.com(104.24.127.89) - mailcious
163.44.185.233
104.24.126.89 - suspicious
192.253.246.142

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET POLICY PE EXE or DLL Windows file download HTTP