Field | Value |
---|---|
File name: | 58035c7016061be831b1fa2a54f2f883 |
Full analysis: | https://app.any.run/tasks/83f1b20a-345e-43e1-a184-d1b5e5dcd0e4 |
Verdict: | Malicious activity |
Analysis date: | January 11, 2019, 10:06:12 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
MD5: | 58035C7016061BE831B1FA2A54F2F883 |
SHA1: | EAB58E0AC5672BB5FA77B480FBBD5A0D419EF63D |
SHA256: | FFC031531B0E636699CAAED7600F77ABF7C565398DA48AAEB5C41C4980EA357C |
SSDEEP: | 24576:yhqCY5YEIq+GN+ucdlyGb72MJrdDrl9ECPlc5ey7rANLeMe7SefzrxJiLGs8h:Q+IKfM72KDrlpPlcnBzreLt |
Extension | Detected type (score) |
---|---|
.exe | Win32 Executable MS Visual C++ (generic) (42.1) |
.exe | Win64 Executable (generic) (37.3) |
.dll | Win32 Dynamic Link Library (generic) (8.8) |
.exe | Win32 Executable (generic) (6) |
.exe | Generic Win/DOS Executable (2.7) |
Field | Value |
---|---|
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | 1 |
OSVersion: | 4 |
EntryPoint: | 0x14b0 |
UninitializedDataSize: | 4096 |
InitializedDataSize: | 1957376 |
CodeSize: | 821248 |
LinkerVersion: | 2.31 |
PEType: | PE32 |
TimeStamp: | 2018:12:11 20:29:32+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Field | Value |
---|---|
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 11-Dec-2018 19:29:32 |
Detected languages: | |
TLS Callbacks: | 3 callback(s) detected. |
Field | Value |
---|---|
Magic number: | MZ |
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000080 |
Field | Value |
---|---|
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 8 |
Time date stamp: | 11-Dec-2018 19:29:32 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000C86B0 | 0x000C8800 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.15814 |
.data | 0x000CA000 | 0x000EE624 | 0x000EE800 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.992 |
.rdata | 0x001B9000 | 0x0000C910 | 0x0000CA00 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.67503 |
.bss | 0x001C6000 | 0x00000F60 | 0x00000000 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.idata | 0x001C7000 | 0x0000106C | 0x00001200 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.95821 |
.CRT | 0x001C9000 | 0x00000038 | 0x00000200 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.299236 |
.tls | 0x001CA000 | 0x00000008 | 0x00000200 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x001CB000 | 0x00018DE0 | 0x00018E00 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.59004 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.2994 | 1753 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 4.78265 | 4264 | UNKNOWN | English - United States | RT_ICON |
3 | 4.70007 | 9640 | UNKNOWN | English - United States | RT_ICON |
4 | 4.54503 | 16936 | UNKNOWN | English - United States | RT_ICON |
5 | 4.40796 | 67624 | UNKNOWN | English - United States | RT_ICON |
100 | 2.80283 | 76 | UNKNOWN | English - United States | RT_GROUP_ICON |
Imported library |
---|
KERNEL32.dll |
msvcrt.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3120 | "C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe" | C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe | | explorer.exe |
 | User: admin; Integrity Level: MEDIUM; Exit code: 0 | | | |
3804 | "C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe" -DBG | C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe | | 58035c7016061be831b1fa2a54f2f883.exe |
 | User: admin; Integrity Level: MEDIUM | | | |
2220 | "C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Users\admin\AppData\Local\Temp\data" --log-file=nul --log-severity=disable --resources-dir-path="C:\Users\admin\AppData\Local\Temp\data" --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.99 Safari/537.36" --disable-extensions --disable-pdf-extension --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3804.0.314154356\1421635417" /prefetch:673131151 | C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe | — | 58035c7016061be831b1fa2a54f2f883.exe |
 | User: admin; Integrity Level: MEDIUM | | | |
2300 | "C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Users\admin\AppData\Local\Temp\data" --log-file=nul --log-severity=disable --resources-dir-path="C:\Users\admin\AppData\Local\Temp\data" --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.99 Safari/537.36" --disable-extensions --disable-pdf-extension --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3804.1.185427961\1938207788" /prefetch:673131151 | C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe | — | 58035c7016061be831b1fa2a54f2f883.exe |
 | User: admin; Integrity Level: MEDIUM | | | |
2452 | "C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Users\admin\AppData\Local\Temp\data" --log-file=nul --log-severity=disable --resources-dir-path="C:\Users\admin\AppData\Local\Temp\data" --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.99 Safari/537.36" --disable-extensions --disable-pdf-extension --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3804.2.280295368\1214721750" /prefetch:673131151 | C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe | — | 58035c7016061be831b1fa2a54f2f883.exe |
 | User: admin; Integrity Level: MEDIUM | | | |
2904 | "C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe" --type=utility --channel="3804.3.894612456\1230276859" --lang=en-US --no-sandbox --no-sandbox --lang=en-US --locales-dir-path="C:\Users\admin\AppData\Local\Temp\data" --log-file=nul --log-severity=disable --resources-dir-path="C:\Users\admin\AppData\Local\Temp\data" --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.99 Safari/537.36" /prefetch:-645351001 | C:\Users\admin\AppData\Local\Temp\58035c7016061be831b1fa2a54f2f883.exe | — | 58035c7016061be831b1fa2a54f2f883.exe |
 | User: admin; Integrity Level: MEDIUM; Exit code: 0 | | | |
PID | Process | Operation | Key | Name | Value |
---|---|---|---|---|---|
3120 | 58035c7016061be831b1fa2a54f2f883.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
3804 | 58035c7016061be831b1fa2a54f2f883.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E | LanguageList | en-US |
3804 | 58035c7016061be831b1fa2a54f2f883.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Blob | |
3804 | 58035c7016061be831b1fa2a54f2f883.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\Golem.bin | — | — | — |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\1.bin | — | — | — |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\2.bin | — | — | — |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\3.bin | — | — | — |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\Golem.dll | executable | 40AEAB6728D2B1F10935D8E0BE67CD53 | 64340B8B8CD4005804C60429345E6756BD677B490EAF446520FB5E4D8682CA4C |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\libpng16-16.dll | executable | 307D0B00EADAF4439E0D5DDE250A2EF3 | B3950B52704281738855FFE8044B4C6CB470D3245F957C6DA26C2981AC58E70C |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\libstdc++-6.dll | executable | 806C24A80C7D66CC997FC4CD7A54E330 | 26C5D9CF253A1B25AE34730B2A64D5DDAF49CEB596252A1655E7C497F241C4C8 |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\pepflashplayer.dll | executable | E49A8247FEC493C8E86CCCDFE0C8274A | 385599C4CBFF0AC787B2E6CCB0681EB82E28945E583851055FEEB6B5216A3300 |
3804 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\58035c7016061be831b1fa2a54f2f883.ini | text | 6BE46840C50D29D0FC4EE18FA5EF1124 | 20CB08786DF15FCBCAB93CFA858A83EDFE099044ABBAED2DB13CE15AF1C2854E |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | C:\Users\admin\AppData\Local\Temp\data\libwinpthread-1.dll | executable | F7B54E9AEEBCD5DA13B6AE08864896B4 | A4CE5B6BCC2775A73101F3969D4F108985F25165389124D9050F417AEE21095A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | 200 | 193.31.25.216:80 | http://cdn.resrov.net/golem/Golem.hashs | unknown | text | 1.39 Kb | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | 200 | 193.31.25.216:80 | http://cdn.resrov.net/golem/Golem.bin | unknown | binary | 6.15 Mb | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | 200 | 193.31.25.216:80 | http://cdn.resrov.net/golem/libtiff-5.dll.gz | unknown | compressed | 150 Kb | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | 200 | 193.31.25.216:80 | http://cdn.resrov.net/golem/libgcc_s_sjlj-1.dll.gz | unknown | compressed | 43.1 Kb | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | — | 193.31.25.216:80 | http://cdn.resrov.net/golem/3.bin.gz | unknown | — | — | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | — | 193.31.25.216:80 | http://cdn.resrov.net/golem/2.bin.gz | unknown | — | — | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | — | 193.31.25.216:80 | http://cdn.resrov.net/golem/1.bin.gz | unknown | — | — | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | 200 | 193.31.25.216:80 | http://cdn.resrov.net/golem/pepflashplayer.dll.gz | unknown | compressed | 969 Kb | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | 200 | 193.31.25.216:80 | http://cdn.resrov.net/golem/liblzma-5.dll.gz | unknown | compressed | 80.7 Kb | suspicious |
3120 | 58035c7016061be831b1fa2a54f2f883.exe | GET | 200 | 193.31.25.216:80 | http://cdn.resrov.net/golem/libstdc++-6.dll.gz | unknown | compressed | 394 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3120 | 58035c7016061be831b1fa2a54f2f883.exe | 193.31.25.216:80 | cdn.resrov.net | — | — | suspicious |
3804 | 58035c7016061be831b1fa2a54f2f883.exe | 193.31.25.216:443 | cdn.resrov.net | — | — | suspicious |
Domain | IP | Reputation |
---|---|---|
cdn.resrov.net | | suspicious |
dns.msftncsi.com | | shared |
inc.resrov.net | | unknown |
PID | Process | Class | Message |
---|---|---|---|
3120 | 58035c7016061be831b1fa2a54f2f883.exe | Generic Protocol Command Decode | SURICATA STREAM excessive retransmissions |
Process | Message |
---|---|
58035c7016061be831b1fa2a54f2f883.exe | Adding duplicate animation handler for '1' type |
58035c7016061be831b1fa2a54f2f883.exe | Adding duplicate animation handler for '1' type |
58035c7016061be831b1fa2a54f2f883.exe | Adding duplicate animation handler for '2' type |
58035c7016061be831b1fa2a54f2f883.exe | In file ../include/wx/msw/private/dc.h at line 74: 'SetTextColor' failed with error 0x00000057 (the parameter is incorrect.). |
58035c7016061be831b1fa2a54f2f883.exe | In file ../include/wx/msw/private/dc.h at line 87: 'SetBkColor' failed with error 0x00000057 (the parameter is incorrect.). |
58035c7016061be831b1fa2a54f2f883.exe | In file ../src/msw/dc.cpp at line 2542: 'BitBlt' failed with error 0x00000057 (the parameter is incorrect.). |