File name: | Baixaki_Mozilla Firefox Quantum_2446375436.exe |
Full analysis: | https://app.any.run/tasks/460a17b4-f0a8-4b6c-a9b7-3c5e17fb0901 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2018, 14:08:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 5CB2040791B5193344F6BAD3BF009911 |
SHA1: | 473C256024F81961E87CAB2BC13D0667433F97F5 |
SHA256: | 205C39E7DF8FCCA22975431CBA650DE13DEC8513648ED0ECBA86440028298065 |
SSDEEP: | 49152:iFvBzuY1D/MgVJ+JHtWjtlBOoE4UfqHCcWBYiFmL:+zTMgVCH4jtrNEr8Ct2OmL |
.exe | Inno Setup installer (81.5) |
.exe | Win32 Executable Delphi generic (10.5) |
.exe | Win32 Executable (generic) (3.3) |
.exe | Win16/32 Executable Delphi generic (1.5) |
.exe | Generic Win/DOS Executable (1.4) |
ProductVersion: | 1.4 |
ProductName: | Stub Program |
LegalCopyright: | |
FileVersion: | 2.2.2.7 |
FileDescription: | Stub Program Setup |
CompanyName: | |
Comments: | This installation was built with Inno Setup. |
CharacterSet: | Unicode |
LanguageCode: | Neutral |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 0.0.0.0 |
FileVersionNumber: | 2.2.2.7 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5 |
ImageVersion: | 6 |
OSVersion: | 5 |
EntryPoint: | 0x16478 |
UninitializedDataSize: | - |
InitializedDataSize: | 108544 |
CodeSize: | 86016 |
LinkerVersion: | 2.25 |
PEType: | PE32 |
TimeStamp: | 2012:05:29 13:51:48+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 29-May-2012 11:51:48 |
Detected languages: | |
Comments: | This installation was built with Inno Setup. |
CompanyName: | - |
FileDescription: | Stub Program Setup |
FileVersion: | 2.2.2.7 |
LegalCopyright: | - |
ProductName: | Stub Program |
ProductVersion: | 1.4 |
Magic number: | MZ |
Bytes on last page of file: | 0x0050 |
Pages in file: | 0x0002 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x000F |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x001A |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000100 |
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 8 |
Time date stamp: | 29-May-2012 11:51:48 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000143F8 | 0x00014400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.49628 |
.itext | 0x00016000 | 0x00000BE8 | 0x00000C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.0058 |
.data | 0x00017000 | 0x00000D9C | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.66929 |
.bss | 0x00018000 | 0x0000574C | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.idata | 0x0001E000 | 0x00000F9E | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.96778 |
.tls | 0x0001F000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rdata | 0x00020000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.190489 |
.rsrc | 0x00021000 | 0x0001861C | 0x00018800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.19046 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.05007 | 1376 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
2 | 5.60317 | 2440 | Latin 1 / Western European | UNKNOWN | RT_ICON |
3 | 5.51676 | 4264 | Latin 1 / Western European | UNKNOWN | RT_ICON |
4 | 5.27767 | 13032 | Latin 1 / Western European | UNKNOWN | RT_ICON |
5 | 5.24633 | 38056 | Latin 1 / Western European | UNKNOWN | RT_ICON |
4091 | 3.13038 | 196 | Latin 1 / Western European | UNKNOWN | RT_STRING |
4092 | 3.36196 | 204 | Latin 1 / Western European | UNKNOWN | RT_STRING |
4093 | 3.34841 | 372 | Latin 1 / Western European | UNKNOWN | RT_STRING |
4094 | 3.29351 | 924 | Latin 1 / Western European | UNKNOWN | RT_STRING |
4095 | 3.34579 | 844 | Latin 1 / Western European | UNKNOWN | RT_STRING |
advapi32.dll |
comctl32.dll |
kernel32.dll |
oleaut32.dll |
user32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3876 | "C:\Users\admin\AppData\Local\Temp\Baixaki_Mozilla Firefox Quantum_2446375436.exe" | C:\Users\admin\AppData\Local\Temp\Baixaki_Mozilla Firefox Quantum_2446375436.exe | — | explorer.exe |
User: admin | Company: | Integrity Level: MEDIUM | Description: Stub Program Setup | Exit code: 0 | Version: 2.2.2.7
4024 | "C:\Users\admin\AppData\Local\Temp\Baixaki_Mozilla Firefox Quantum_2446375436.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnl | C:\Users\admin\AppData\Local\Temp\Baixaki_Mozilla Firefox Quantum_2446375436.exe | | Baixaki_Mozilla Firefox Quantum_2446375436.exe |
User: admin | Company: | Integrity Level: HIGH | Description: Stub Program Setup | Exit code: 0 | Version: 2.2.2.7
3764 | /d /c TIMEOUT 1 & cmd /d /c copy /B /Y "C:\Users\admin\AppData\Local\Temp\D81299~1.DAT"+"C:\Users\admin\AppData\Local\Temp\D81299~2.DAT" "C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe" & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D81299~1.DAT" & cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D81299~2.DAT" | C:\Windows\system32\cmd.exe | — | Baixaki_Mozilla Firefox Quantum_2446375436.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: HIGH | Description: Windows Command Processor | Exit code: 0 | Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3368 | TIMEOUT 1 | C:\Windows\system32\timeout.exe | — | cmd.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: HIGH | Description: timeout - pauses command processing | Exit code: 0 | Version: 6.1.7600.16385 (win7_rtm.090713-1255)
556 | cmd /d /c copy /B /Y "C:\Users\admin\AppData\Local\Temp\D81299~1.DAT"+"C:\Users\admin\AppData\Local\Temp\D81299~2.DAT" "C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe" | C:\Windows\system32\cmd.exe | | cmd.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: HIGH | Description: Windows Command Processor | Exit code: 0 | Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3048 | cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D81299~1.DAT" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: HIGH | Description: Windows Command Processor | Exit code: 0 | Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3580 | cmd /d /c del "C:\Users\admin\AppData\Local\Temp\D81299~2.DAT" | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: HIGH | Description: Windows Command Processor | Exit code: 0 | Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3036 | "C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe" /silent /psh:9Nt5X7SAKFaxgikjwPYsU7KEKVWnwXkWvIAtU7mDLFK5gylSuIItV7mKOw3n1HgQvPNLI9LmOwHz0S5QvIsuVbGELVeyhP5GAAAAgbIdYg== | C:\Users\admin\AppData\Local\Temp\in050C527C\0551A3BA_stp\avast_free_antivirus_setup_online.exe | | Baixaki_Mozilla Firefox Quantum_2446375436.exe |
User: admin | Company: AVAST Software | Integrity Level: HIGH | Description: Avast Antivirus Installer | Version: 17.1.3394.0
3792 | "C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\instup.exe" /cookie:mmm_irs_ppi_002_451_m /edition:1 /ga_clientid:e5bd035c-0cb0-4655-834c-b66f7253ce50 /guid:f7632834-0dfc-4ebd-a462-191f1bb4dffd /prod:ais /sfx:lite /sfxstorage:C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788 /silent /psh:9Nt5X7SAKFaxgikjwPYsU7KEKVWnwXkWvIAtU7mDLFK5gylSuIItV7mKOw3n1HgQvPNLI9LmOwHz0S5QvIsuVbGELVeyhP5GAAAAgbIdYg== | C:\Users\admin\AppData\Local\Temp\_av_iup.tm~a02788\instup.exe | | avast_free_antivirus_setup_online.exe |
User: admin | Company: AVAST Software | Integrity Level: HIGH | Description: Avast Antivirus Installer | Version: 17.1.3394.0
2468 | "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.baixaki.com.br/portal/redir-partners.asp | C:\Program Files\Mozilla Firefox\firefox.exe | | Baixaki_Mozilla Firefox Quantum_2446375436.exe |
User: admin | Company: Mozilla Corporation | Integrity Level: HIGH | Description: Firefox | Exit code: 0 | Version: 61.0.2
PID | Process | Operation | Key | Name | Value |
---|---|---|---|---|---|
3876 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
3876 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32 | EnableFileTracing | 0 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32 | EnableConsoleTracing | 0 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32 | FileTracingMask | 4294901760 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32 | ConsoleTracingMask | 4294901760 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Baixaki_Mozilla Firefox Quantum_2446375436_RASAPI32 | MaxFileSize | 1048576 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\00183D14.log | — | — | — |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\css\main.css | text | ABBA6D0FAEEE885EDFBB5BB5381A6A98 | 98AF7066C05C15871AEACD93DF7F0118E3BFE998F738C480A96854434F040500 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Close.png | image | 40B152058A7FBC98401AE5FA9E884DE7 | 9102A20B58A05B0ECCB7BCF4F775038CFCF023F05D0081B8845E491336D3CC9C |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\images\BG.png | image | BCF307E585EFB78D500673EB7AEE20A6 | 313810F02E8E3E8F4468D3980DFF2AC5BA8B6F9D0328AD1AE1C14BBFE3AB5AF5 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\csshover3.htc | html | 52FA0DA50BF4B27EE625C80D36C67941 | E37E99DDFC73AC7BA774E23736B2EF429D9A0CB8C906453C75B14C029BDD5493 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\button.css | text | 37E1FF96E084EC201F0D95FEEF4D5E94 | 8E806F5B94FC294E918503C8053EF1284E4F4B1E02C7DA4F4635E33EC33E0534 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\images\progress-bg-corner.png | image | 608F1F20CD6CA9936EAA7E8C14F366BE | 86B6E6826BCDE2955D64D4600A4E01693522C1FDDF156CE31C4BA45B3653A7BD |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\css\sdk-ui\progress-bar.css | text | 5335F1C12201B5F7CF5F8B4F5692E3D1 | 974CD89E64BDAA85BF36ED2A50AF266D245D781A8139F5B45D7C55A0B0841DDA |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Button.png | image | 1897B959717C64E1BE8C925096EF2B96 | B7A8CFAD4B8156B481FCD4FCFF205FCD6CD53AEA5BF02C48C2111D9ACFFDDC47 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | C:\Users\admin\AppData\Local\Temp\inH158850051182\images\Progress.png | image | 7EE004072453E86B539A0DDCC0F5B562 | 53AD17DA8EFAC339A6FB55B08246994B4A813B7EBEADD819B435B9F342068E1F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | HEAD | 200 | 85.159.237.103:80 | http://ww42.lisutodotorot.com/ofr/Tavasat/Tavasat_09Feb17.cis | NL | — | — | malicious |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | GET | — | 192.96.201.161:80 | http://cloud.lisutodotorot.com/ofr/Tavasat/Tavasat_09Feb17.cis | US | — | — | malicious |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | POST | 200 | 54.154.81.16:80 | http://api.lisutodotorot.com/?ralupid=0 | IE | text | 1.59 Kb | malicious |
3792 | instup.exe | GET | 200 | 2.16.186.104:80 | http://l5978727.iavs9x.u.avast.com/iavs9x/part-setup_ais-12070932.vpx | unknown | binary | 88.8 Kb | whitelisted |
3792 | instup.exe | GET | 200 | 2.16.186.104:80 | http://d3116203.iavs9x.u.avast.com/iavs9x/part-prg_ais-12070932.vpx | unknown | binary | 14.5 Kb | whitelisted |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | GET | 200 | 146.185.27.45:80 | http://img.lisutodotorot.com/img/Tavasat/15Feb17/v2/EN.png | GB | image | 43.9 Kb | malicious |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | POST | 200 | 52.210.42.57:80 | http://www.lisutodotorot.com/Baixaki/ | IE | binary | 386 Kb | malicious |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | GET | 206 | 192.96.201.161:80 | http://cloud.lisutodotorot.com/ofr/Tavasat/Tavasat_09Feb17.cis | US | binary | 2.52 Mb | malicious |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | GET | — | 192.96.201.161:80 | http://cloud.lisutodotorot.com/ofr/Tavasat/Tavasat_09Feb17.cis | US | — | — | malicious |
3792 | instup.exe | GET | 200 | 2.16.186.50:80 | http://k6375621.iavs9x.u.avast.com/iavs9x/uat.vpx | unknown | binary | 1.59 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 52.210.42.57:80 | www.lisutodotorot.com | Amazon.com, Inc. | IE | malicious |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 52.31.104.117:80 | www2.lisutodotorot.com | Amazon.com, Inc. | IE | whitelisted |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 192.96.201.161:80 | cloud.lisutodotorot.com | Leaseweb USA, Inc. | US | malicious |
3036 | avast_free_antivirus_setup_online.exe | 77.234.45.53:80 | v7event.stats.avast.com | AVAST Software s.r.o. | DE | unknown |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 52.55.64.207:443 | download.mozilla.org | Amazon.com, Inc. | US | unknown |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 85.159.237.103:80 | ww42.lisutodotorot.com | NForce Entertainment B.V. | NL | malicious |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 151.80.204.61:443 | img.ibxk.com.br | OVH SAS | FR | unknown |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 146.185.27.45:80 | img.lisutodotorot.com | UK-2 Limited | GB | malicious |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 54.154.81.16:80 | api.lisutodotorot.com | Amazon.com, Inc. | IE | whitelisted |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | 52.222.175.200:443 | download-installer.cdn.mozilla.net | Amazon.com, Inc. | US | unknown |
Domain | IP | Reputation |
---|---|---|
www2.lisutodotorot.com | | malicious |
api.lisutodotorot.com | | malicious |
www.lisutodotorot.com | | malicious |
img.ibxk.com.br | | suspicious |
img.lisutodotorot.com | | malicious |
ww42.lisutodotorot.com | | malicious |
download.mozilla.org | | whitelisted |
cloud.lisutodotorot.com | | malicious |
download-installer.cdn.mozilla.net | | whitelisted |
v7event.stats.avast.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3 |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Generic Protocol Command Decode | SURICATA STREAM FIN out of window |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Generic Protocol Command Decode | SURICATA STREAM ESTABLISHED invalid ack |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Generic Protocol Command Decode | SURICATA STREAM Packet with invalid ack |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Generic Protocol Command Decode | SURICATA STREAM Packet with invalid ack |
4024 | Baixaki_Mozilla Firefox Quantum_2446375436.exe | Generic Protocol Command Decode | SURICATA STREAM SHUTDOWN RST invalid ack |
3792 | instup.exe | unknown | SURICATA IPv4 invalid checksum |
Process | Message |
---|---|
instup.exe | [2018-11-08 14:09:14.666] [error ] [settings ] [ 3792: 1392] Failed to get program directory
Exception: Unable to retrieve path of the program directory!
Code: 0x00000002 (2) |