Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 8, 2024, 9:35 a.m.	Jan. 8, 2024, 9:37 a.m.

Size	4.6MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3133d3642bfa4a27451dc4ba649d0c50`
SHA256	`ac2f25abe3976c01ff6792b10b6bc148fb7ee55ce332cf2e90af1dfce5aca928`
CRC32	`E3FC4FB4`
ssdeep	`98304:pa9Z1yOixQvHGom5W5dS6gzuToeVdbGftiKhiEs5PXOrBGozkojbCU8c:eZ1yOiupjIzuTbafYdsfkojbC`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)

newrock.exe "C:\Users\test22\AppData\Local\Temp\newrock.exe"
2564
- 31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2644
- rty25.exe "C:\Users\test22\AppData\Local\Temp\rty25.exe"
  2688

Name	Response	Post-Analysis Lookup
apps.identrust.com	A 23.67.53.27 A 23.67.53.17 CNAME a1952.dscq.akamai.net CNAME identrust.edgesuite.net	23.67.53.17
i.alie3ksgaa.com	A 154.92.15.189	154.92.15.189

IP Address	Status	Action
154.92.15.189	Active	Moloch
164.124.101.2	Active	Moloch
23.67.53.17	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49172 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49166 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49169 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49177 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49170 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49173 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49186 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49183 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49181 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49189 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49187 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49191 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49193 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49194 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49196 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49197 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49211 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49255 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49280 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49287 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49222 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49288 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49298 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49226 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49237 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49168 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49178 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49182 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49245 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49243 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49184 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49249 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49251 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49190 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49199 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49264 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49267 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49265 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49269 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49274 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49277 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49286 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49278 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49297 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49302 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49234 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49289 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49247 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49305 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49293 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49252 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49311 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49179 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49294 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49253 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49328 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49257 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49300 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49333 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49307 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49266 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49339 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49303 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49342 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49273 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49308 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49348 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49283 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49316 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49185 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49354 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49291 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49319 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49299 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49360 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49320 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49312 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49366 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49322 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49321 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49368 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49331 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49323 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49373 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49351 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49327 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49376 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49353 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49343 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49398 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49344 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49402 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49346 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49404 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49357 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49352 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49195 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49412 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49358 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49381 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49164 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49362 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49388 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49363 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49396 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49413 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49370 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49399 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49415 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49377 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49400 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49167 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49378 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49401 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49171 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49380 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49403 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49174 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49382 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49407 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49175 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49383 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49410 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49198 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49387 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49421 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49200 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49390 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49422 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49395 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49406 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49429 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49414 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49250 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49439 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49427 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49254 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49440 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49431 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49258 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49444 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49434 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49259 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49445 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49436 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49260 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49450 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49318 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49263 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49423 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49452 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49426 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49330 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49456 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49437 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49334 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49458 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49438 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49449 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49459 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49335 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49448 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49463 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49454 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49336 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49340 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49460 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49270 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49341 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49279 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49282 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49347 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49284 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49350 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49290 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49361 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49292 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49372 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49295 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49379 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49296 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49301 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49384 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49309 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49386 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49313 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49389 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49315 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49393 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49324 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49419 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49326 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49424 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49329 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49425 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49332 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49428 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49337 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49432 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49338 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49435 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49355 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49446 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49356 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49451 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49453 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49367 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49457 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49369 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49461 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49371 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49242 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49375 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49394 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49405 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49409 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49417 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49246 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49420 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49433 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49441 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49442 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49447 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49462 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49262 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49268 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49271 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49275 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49276 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49304 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49306 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49310 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49314 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49317 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49325 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49345 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49349 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49359 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49364 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49365 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49374 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49385 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49391 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49392 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49397 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49408 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49411 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49416 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49418 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49430 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49443 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49455 -> 154.92.15.189:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49172 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49169 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49166 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49170 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49177 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49180 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49173 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49186 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49183 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49181 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49189 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49187 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49191 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49192 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49193 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49202 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49194 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49205 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49196 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49225 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49210 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49197 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49230 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49211 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49201 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49255 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49212 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49213 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49280 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49214 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49220 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49215 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49287 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49222 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49288 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49216 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49233 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49218 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49298 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49226 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49237 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49168 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49228 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49241 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49178 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49239 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49182 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49245 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49184 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49243 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49188 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49249 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49251 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49190 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49256 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49199 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49261 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49204 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49264 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49267 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49206 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49265 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49208 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49269 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49274 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49217 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49277 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49272 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49227 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49286 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49278 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49229 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49297 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49281 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49231 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49285 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49234 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49302 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49289 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49247 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49305 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49293 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49252 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49311 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49179 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49253 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49294 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49328 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49257 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49333 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49300 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49339 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49266 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49303 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49342 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49273 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49308 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49348 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49283 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49316 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49354 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49291 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49185 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49319 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49299 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49360 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49320 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49312 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49366 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49322 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49321 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49368 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49331 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49323 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49373 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49351 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49327 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49376 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49353 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49343 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49398 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49344 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49402 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49346 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49404 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49352 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49357 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49412 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49195 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49358 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49381 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49164 154.92.15.189:443	C=US, O=Let's Encrypt, CN=R3	CN=i.alie3ksgaa.com	e3:88:72:04:24:5c:12:17:a4:e2:c1:d9:33:f0:d9:60:91:71:d3:dc
TLSv1 192.168.56.101:49362 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49388 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49363 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49396 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49413 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49370 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49399 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49415 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49377 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49400 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49167 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49378 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49401 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49171 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49380 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49403 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49174 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49382 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49407 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49203 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49175 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49383 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49410 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49198 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49387 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49421 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49200 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49390 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49422 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49219 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49395 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49232 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49207 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49406 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49236 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49429 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49414 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49250 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49439 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49427 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49254 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49209 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49440 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49431 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49258 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49444 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49434 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49259 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49445 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49307 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49260 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49450 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49436 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49423 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49318 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49452 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49426 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49330 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49456 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49437 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49334 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49458 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49438 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49449 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49459 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49448 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49335 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49336 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49454 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49340 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49460 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49263 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49221 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49270 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49341 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49279 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49223 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49282 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49347 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49284 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49350 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49224 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49290 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49361 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49292 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49372 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49295 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49296 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49379 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49301 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49384 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49309 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49386 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49313 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49389 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49315 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49393 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49324 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49419 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49326 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49424 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49329 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49235 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49425 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49332 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49428 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49337 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49432 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49338 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49435 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49238 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49355 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49446 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49356 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49451 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49453 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49367 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49240 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49457 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49369 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49461 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49371 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49242 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49375 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49394 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49405 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49244 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49409 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49417 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49420 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49246 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49433 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49441 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49442 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49248 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49447 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49462 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49262 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49268 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49271 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49275 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49276 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49304 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49306 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49310 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49314 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49317 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49325 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49345 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49349 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49359 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49364 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49365 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49374 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49385 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49391 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49392 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49397 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49408 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49411 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49416 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49418 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49430 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49443 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49455 154.92.15.189:443	None	None	None
TLSv1 192.168.56.101:49463 154.92.15.189:443	None	None	None

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 8, 2024, 9:35 a.m.			0	0
IsDebuggerPresent Jan. 8, 2024, 9:35 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 8, 2024, 9:35 a.m.		1	1	0

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Jan. 8, 2024, 9:35 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 0xbd04e1 0xbd03d3 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 7991792 registers.edi: 0 registers.eax: 7991792 registers.ebp: 7991872 registers.edx: 0 registers.ebx: 10778536 registers.esi: 10524456 registers.ecx: 2742849544	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

Jan. 8, 2024, 9:35 a.m.

stacktrace:

CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194
LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1
0xbd04e1
0xbd03d3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xe0434f4e
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 7991792
registers.edi: 0
registers.eax: 7991792
registers.ebp: 7991872
registers.edx: 0
registers.ebx: 10778536
registers.esi: 10524456
registers.ecx: 2742849544

Performs some HTTP requests (1 event)

request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 1507328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bd0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 1966080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02650000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00852000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00905000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0090b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00907000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0086c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0085a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2644 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4161536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00f40000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 8, 2024, 9:35 a.m.	process_identifier: 2644 region_size: 9351168 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02a60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 8, 2024, 9:27 a.m.	process_identifier: 2688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000013ffa9000 process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\rty25.exe
file	C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Drops a binary and executes it (2 events)

file	C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
file	C:\Users\test22\AppData\Local\Temp\rty25.exe

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Jan. 8, 2024, 9:27 a.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x004a4200', u'virtual_address': u'0x00002000', u'entropy': 7.947406169101275, u'name': u'.text', u'virtual_size': u'0x004a4024'}

entropy

7.9474061691

description

A section with a high entropy has been found

entropy

0.999579345883

description

Overall entropy of this PE file is high

Executed a process and injected code into it, probably while unpacking (16 events)

Time & API	Arguments	Status	Return
NtResumeThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2564	1	0
NtResumeThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x00000154 suspend_count: 1 process_identifier: 2564	1	0
NtResumeThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x00000190 suspend_count: 1 process_identifier: 2564	1	0
NtResumeThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x0000020c suspend_count: 1 process_identifier: 2564	1	0
NtGetContextThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x000000e4	1	0
NtGetContextThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x000000e4	1	0
NtResumeThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x000000e4 suspend_count: 1 process_identifier: 2564	1	0
NtGetContextThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x000000e4	1	0
NtGetContextThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x000000e4	1	0
NtGetContextThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x000000e4	1	0
NtSetContextThread Jan. 8, 2024, 9:35 a.m.	registers.eip: 1921133444 registers.esp: 7992000 registers.edi: 42169344 registers.eax: 63366312 registers.ebp: 7992024 registers.edx: 14 registers.ebx: 22 registers.esi: 2185428 registers.ecx: 224 thread_handle: 0x000000e4 process_identifier: 2564	1	0
NtResumeThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x000000e4 suspend_count: 1 process_identifier: 2564	1	0
NtResumeThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x00000220 suspend_count: 1 process_identifier: 2564	1	0
CreateProcessInternalW Jan. 8, 2024, 9:35 a.m.	thread_identifier: 2648 thread_handle: 0x000003ac process_identifier: 2644 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003b4	1	1
NtResumeThread Jan. 8, 2024, 9:35 a.m.	thread_handle: 0x00000344 suspend_count: 1 process_identifier: 2564	1	0
CreateProcessInternalW Jan. 8, 2024, 9:35 a.m.	thread_identifier: 2692 thread_handle: 0x000003b4 process_identifier: 2688 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\rty25.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\rty25.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\rty25.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003cc	1	1

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Bkav	W32.AIDetectMalware.CS
DrWeb	Trojan.MulDropNET.43
MicroWorld-eScan	Gen:Variant.MSIL.Krypt.41
Skyhigh	BehavesLike.Win32.Generic.rc
McAfee	GenericRXPI-VQ!3133D3642BFA
Malwarebytes	Trojan.Crypt.MSIL.Generic
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Ransomware ( 005a8b921 )
K7GW	Ransomware ( 005a8b921 )
Cybereason	malicious.8da9ad
Arcabit	Trojan.MSIL.Krypt.41
BitDefenderTheta	Gen:NN.ZemsilF.36680.@p0@aqcnYPk
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Agent.UZA
APEX	Malicious
ClamAV	Win.Packed.Msilzilla-10018301-0
Kaspersky	HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
BitDefender	Gen:Variant.MSIL.Krypt.41
Avast	Win32:DropperX-gen [Drp]
Emsisoft	Gen:Variant.MSIL.Krypt.41 (B)
F-Secure	Heuristic.HEUR/AGEN.1365025
VIPRE	Gen:Variant.MSIL.Krypt.41
Sophos	Troj/ILAgent-I
SentinelOne	Static AI - Malicious PE
MAX	malware (ai score=85)
Google	Detected
Avira	HEUR/AGEN.1365025
Varist	W32/MSIL_Kryptik.FFY.gen!Eldorado
Kingsoft	malware.kb.c.995
Microsoft	Trojan:MSIL/Mokes.B!MTB
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.ShortLoader.gen
GData	Gen:Variant.MSIL.Krypt.41
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.Generic.C4478643
VBA32	Trojan.MSIL.Injector.gen
Cylance	unsafe
Rising	Trojan.AntiVM!1.CF63 (CLASSIC)
Ikarus	Trojan.MSIL.Krypt
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/GenKryptik.FFMZ!tr
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

newrock.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All