Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 28, 2021, 1:24 p.m.	Oct. 28, 2021, 1:27 p.m.

Size	89.5KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`ff3fffe53dee30a1c24bf86d419bd4ac`
SHA256	`25d79c1a508700c16bfa42039870d590bb3281c271ed02db20899c87259c657f`
CRC32	`00246C00`
ssdeep	`1536:4ZxrW2eq7mQeNzn26jO0+7I+LeScuT1Gd5anG7IW1V7hYxamr+s8jcdMTWgM/D:4bEZQC26S0+7NeSrTcTanGEWLh477MT8`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

c54893932feb406033f276e4e924ea33.exe "C:\Users\test22\AppData\Local\Temp\c54893932feb406033f276e4e924ea33.exe"
1896
- c54893932feb406033f276e4e924ea33.exe "C:\Users\test22\AppData\Local\Temp\c54893932feb406033f276e4e924ea33.exe" -u
  2852

Name	Response	Post-Analysis Lookup
apps.identrust.com	CNAME a1952.dscq.akamai.net CNAME identrust.edgesuite.net A 23.65.188.19 A 23.65.188.16	119.207.65.137
t.gogamec.com	A 104.21.85.99 A 172.67.204.112	172.67.204.112

IP Address	Status	Action
104.21.85.99	Active	Moloch
164.124.101.2	Active	Moloch
172.67.204.112	Active	Moloch
23.65.188.19	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49213 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49251 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49222 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49226 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49237 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49246 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49199 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49250 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49253 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49245 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49211 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49255 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49257 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49258 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49247 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49268 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49282 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49270 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49273 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49284 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49290 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49291 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49293 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49295 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49302 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49234 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49260 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49263 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49264 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49277 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49298 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49305 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49242 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49243 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49252 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49249 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49259 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49254 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49262 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49269 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49280 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49286 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49288 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49289 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49294 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49271 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49297 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49300 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49275 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49265 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49299 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49266 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49301 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49267 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49304 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49274 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49278 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49306 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49292 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49276 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49279 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49283 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49287 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49296 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49303 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49207 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49213 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49216 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49209 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49204 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49232 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49210 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49206 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49251 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49212 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49208 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49221 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49217 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49222 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49225 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49226 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49237 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49214 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49228 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49246 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49235 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49215 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49248 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49199 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49240 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49250 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49241 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49203 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49253 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49245 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49219 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49218 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49256 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49220 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49223 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49224 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49255 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49236 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49257 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49238 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49258 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49247 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49268 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49229 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49282 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49270 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49230 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49273 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49284 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49290 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49291 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49293 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49233 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49295 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49302 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49234 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49260 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49263 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49264 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49277 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49298 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49239 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49305 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49242 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49243 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49211 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49227 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49231 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49244 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49252 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49249 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49259 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49254 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49261 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49262 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49269 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49272 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49280 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49281 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49286 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49288 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49289 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49294 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49271 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49297 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49300 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49275 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49265 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49299 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49266 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49301 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49267 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49274 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49304 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49278 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49306 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49285 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49292 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49276 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49279 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49283 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49287 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49296 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49303 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 28, 2021, 1:24 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

Performs some HTTP requests (1 event)

request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Oct. 28, 2021, 1:24 p.m.	flags: 15 family: 0		111	0

File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.47252368
FireEye	Trojan.GenericKD.47252368
ALYac	Trojan.GenericKD.47252368
Cylance	Unsafe
Sangfor	Backdoor.MSIL.Mokes.bg
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Backdoor:MSIL/Mokes.10565ce5
K7GW	Riskware ( 0040eff71 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent_AGen.E
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.MSIL.Mokes.bg
BitDefender	Trojan.GenericKD.47252368
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Trojan.GenericKD.47252368
Emsisoft	Trojan.GenericKD.47252368 (B)
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.Win32.Agent
Jiangmin	Backdoor.MSIL.fedo
Avira	TR/Redcap.vblhk
Kingsoft	Win32.Hack.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Downloader.vb
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
GData	Trojan.GenericKD.47252368
Cynet	Malicious (score: 100)
McAfee	GenericRXAA-FA!FF3FFFE53DEE
MAX	malware (ai score=87)
VBA32	BScope.Trojan.Injector
Malwarebytes	Spyware.PasswordStealer
Yandex	Backdoor.Mokes!zf/PrUqdk28
Fortinet	PossibleThreat.MU
Webroot	W32.Trojan.Gen
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/GdSda.A

c54893932feb406033f276e4e924ea33.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All