Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 28, 2021, 5:40 p.m.	Oct. 28, 2021, 5:42 p.m.

Size	89.5KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`ff3fffe53dee30a1c24bf86d419bd4ac`
SHA256	`25d79c1a508700c16bfa42039870d590bb3281c271ed02db20899c87259c657f`
CRC32	`00246C00`
ssdeep	`1536:4ZxrW2eq7mQeNzn26jO0+7I+LeScuT1Gd5anG7IW1V7hYxamr+s8jcdMTWgM/D:4bEZQC26S0+7NeSrTcTanGEWLh477MT8`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

c54893932feb406033f276e4e924ea33.exe "C:\Users\test22\AppData\Local\Temp\c54893932feb406033f276e4e924ea33.exe"
812
- c54893932feb406033f276e4e924ea33.exe "C:\Users\test22\AppData\Local\Temp\c54893932feb406033f276e4e924ea33.exe" -u
  2816

Name	Response	Post-Analysis Lookup
apps.identrust.com	CNAME a1952.dscq.akamai.net A 182.162.106.42 CNAME identrust.edgesuite.net A 182.162.106.26	119.207.65.137
t.gogamec.com	A 104.21.85.99 A 172.67.204.112	172.67.204.112

IP Address	Status	Action
104.21.85.99	Active	Moloch
164.124.101.2	Active	Moloch
182.162.106.26	Active	Moloch
61.111.58.34	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49183 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49177 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49186 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49179 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49189 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49195 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49185 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49201 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49204 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49180 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49192 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49202 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49206 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49196 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49211 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49217 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49225 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49216 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49222 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49228 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49184 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49219 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49223 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49229 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49197 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49243 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49239 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49199 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49175 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49240 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49187 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49200 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49246 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49254 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49252 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49203 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49235 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49255 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49178 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49205 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49257 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49236 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49265 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49224 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49181 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49190 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49258 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49266 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49227 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49241 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49263 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49182 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49277 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49191 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49245 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49267 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49230 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49188 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49247 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49233 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49272 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49198 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49248 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49237 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49273 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49214 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49193 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49259 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49244 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49226 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49269 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49251 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49194 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49231 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49271 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49256 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49232 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49279 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49276 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49249 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49280 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49278 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49253 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49281 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49262 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49264 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49268 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49270 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49207 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49274 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49275 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49209 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49210 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49212 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49213 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49215 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49218 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49221 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49234 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49238 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49242 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49250 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49260 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49261 -> 104.21.85.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49183 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49177 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49186 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49179 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49189 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49195 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49185 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49201 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49204 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49180 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49192 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49202 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49206 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49196 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49211 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49217 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49225 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49216 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49222 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49228 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49184 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49219 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49223 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49197 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49243 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49239 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49199 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49175 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49240 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49187 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49200 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49246 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49229 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49254 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49203 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49252 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49235 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49255 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49178 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49205 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49257 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49265 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49224 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49181 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49236 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49190 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49258 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49266 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49241 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49263 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49227 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49182 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49277 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49191 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49245 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49267 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49230 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49188 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49247 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49233 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49272 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49198 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49248 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49237 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49273 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49214 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49193 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49259 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49244 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49226 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49269 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49251 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49194 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49231 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49271 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49256 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49232 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49279 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49276 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49249 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49280 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49278 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49253 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49281 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49262 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49264 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49268 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49270 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49207 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49274 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49275 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49209 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49210 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49212 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49213 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49215 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49218 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49221 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49234 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49238 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49242 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49250 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49260 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.102:49261 104.21.85.99:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 28, 2021, 5:40 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

Performs some HTTP requests (1 event)

request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Oct. 28, 2021, 5:40 p.m.	flags: 15 family: 0		111	0

Communicates with host for which no DNS query was performed (1 event)

host

61.111.58.34

File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.47252368
FireEye	Trojan.GenericKD.47252368
ALYac	Trojan.GenericKD.47252368
Cylance	Unsafe
Sangfor	Backdoor.MSIL.Mokes.bg
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	Backdoor:MSIL/Mokes.10565ce5
K7GW	Riskware ( 0040eff71 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent_AGen.E
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.MSIL.Mokes.bg
BitDefender	Trojan.GenericKD.47252368
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Trojan.GenericKD.47252368
Emsisoft	Trojan.GenericKD.47252368 (B)
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.Win32.Agent
Jiangmin	Backdoor.MSIL.fedo
Avira	TR/Redcap.vblhk
Kingsoft	Win32.Hack.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Downloader.vb
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
GData	Trojan.GenericKD.47252368
Cynet	Malicious (score: 100)
McAfee	GenericRXAA-FA!FF3FFFE53DEE
MAX	malware (ai score=87)
VBA32	BScope.Trojan.Injector
Malwarebytes	Spyware.PasswordStealer
Yandex	Backdoor.Mokes!zf/PrUqdk28
Fortinet	PossibleThreat.MU
Webroot	W32.Trojan.Gen
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/GdSda.A

c54893932feb406033f276e4e924ea33.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All