Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 24, 2023, 1:41 p.m.	Feb. 24, 2023, 1:43 p.m.

Size	25.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`30b5426ee9183f43fba9a8a6b6b32b97`
SHA256	`e18cf6502122b168dac6c932cd89739e313154ee9b73d6ddd692d4ad990aceb0`
CRC32	`F08722D5`
ssdeep	`96:jFQgbeIBVLyrgoJ/sTfNILBevmXR5MMRWnwLoLEk8LfjNiRB4e3T3ew5tvEzNt:jFhyIaUo/sTfNILwEfdRTLat8LLGTvu`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Is_DotNET_EXE - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
316

Name	Response	Post-Analysis Lookup
argentum.com.br	A 169.47.124.235	169.47.124.235

IP Address	Status	Action
164.124.101.2	Active	Moloch
169.47.124.235	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49161 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49169 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49174 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49165 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49178 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49179 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49190 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49168 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49192 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49193 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49177 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49173 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49205 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49175 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49206 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49197 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49176 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49214 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49198 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49219 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49183 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49220 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49213 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49189 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49228 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49199 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49223 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49258 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49166 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49261 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49185 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49170 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49237 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49264 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49196 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49171 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49270 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49248 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49201 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49172 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49274 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49249 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49181 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49285 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49259 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49182 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49226 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49292 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49288 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49191 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49302 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49203 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49233 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49303 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49306 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49207 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49241 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49322 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49307 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49212 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49242 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49309 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49326 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49215 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49244 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49312 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49328 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49246 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49316 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49329 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49222 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49327 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49331 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49238 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49332 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49255 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49337 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49254 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49339 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49341 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49256 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49345 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49211 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49266 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49364 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49347 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49365 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49352 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49224 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49271 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49368 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49354 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49260 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49272 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49376 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49356 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49225 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49290 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49278 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49380 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49293 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49287 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49373 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49381 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49300 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49187 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49391 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49385 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49188 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49295 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49395 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49202 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49386 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49410 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49210 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49387 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49320 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49412 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49388 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49321 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49245 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49323 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49394 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49426 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49250 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49330 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49397 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49251 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49301 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49232 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49346 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49403 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49432 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49236 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49348 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49262 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49434 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49424 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49240 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49349 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49446 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49350 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49308 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49252 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49351 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49267 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49457 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49353 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49460 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49453 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49263 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49358 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49464 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49269 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49359 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49458 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49276 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49371 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49280 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49277 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49378 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49465 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49281 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49279 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49383 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49467 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49389 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49286 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49405 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49289 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49294 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49411 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49296 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49310 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49420 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49297 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49324 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49421 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49298 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49325 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49425 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49299 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49335 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49319 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49304 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49430 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49336 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49340 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49311 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49338 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49342 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49437 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49315 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49343 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49361 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49318 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49440 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49355 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49363 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49333 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49441 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49357 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49367 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49334 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49444 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49360 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49374 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49344 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49447 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49362 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49384 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49366 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49369 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49401 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49370 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49377 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49456 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49406 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49372 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49379 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49407 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49463 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49375 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49390 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49418 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49392 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49382 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49393 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49422 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49396 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49402 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49398 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49423 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49404 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49399 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49429 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49408 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49400 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49409 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49433 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49413 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49414 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49435 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49417 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49436 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49416 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49431 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49419 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49442 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49438 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49439 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49445 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49452 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49450 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49451 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49454 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49455 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49461 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49466 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic
TCP 192.168.56.103:49468 -> 169.47.124.235:80	2030384	ET HUNTING Suspicious Terse Request for .bmp	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 24, 2023, 1:41 p.m.			0	0
IsDebuggerPresent Feb. 24, 2023, 1:41 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 24, 2023, 1:41 p.m.		1	1	0

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET http://argentum.com.br/well-known/acme-challenge/k/h/d/g/Pjogwzrhh.bmp

Performs some HTTP requests (1 event)

request

GET http://argentum.com.br/well-known/acme-challenge/k/h/d/g/Pjogwzrhh.bmp

Allocates read-write-execute memory (usually to unpack itself) (17 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 1835008 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b40000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f32000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 1376256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00980000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002b2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002cc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00610000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002d6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002ba000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002d7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 24, 2023, 1:41 p.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Feb. 24, 2023, 1:41 p.m.	flags: 1158 family: 0	1	0	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Feb. 24, 2023, 1:41 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Feb. 24, 2023, 1:41 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (1 event)

description

vbc.exe tried to sleep 5456486 seconds, actually delayed analysis time by 5456486 seconds

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Agensla.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.65640264
McAfee	Artemis!30B5426EE918
Cylance	unsafe
Sangfor	Infostealer.Msil.AgentTesla.V2a8
K7AntiVirus	Trojan-Downloader ( 0059f57b1 )
K7GW	Trojan-Downloader ( 0059f57b1 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D3E99862
VirIT	Trojan.Win32.SmokeLdr.DOG
Cyren	W32/MSIL_Kryptik.GLW.gen!Eldorado
Symantec	MSIL.Downloader!gen7
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.OVC
Cynet	Malicious (score: 100)
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-PSW.MSIL.Agensla.gen
BitDefender	Trojan.GenericKD.65640264
Avast	Win32:PWSX-gen [Trj]
Emsisoft	Trojan.GenericKD.65640264 (B)
McAfee-GW-Edition	Artemis!Trojan
FireEye	Trojan.GenericKD.65640264
Sophos	Mal/Generic-S
Webroot	W32.Trojan.MSIL.AGensla
Gridinsoft	Trojan.Win32.Downloader.sa
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agensla.gen
GData	Trojan.GenericKD.65640264
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5387268
VBA32	Downloader.MSIL.gen.rexp
MAX	malware (ai score=86)
Rising	Stealer.Agensla!8.13266 (CLOUD)
Fortinet	MSIL/Agent.OVC!tr.dldr
BitDefenderTheta	Gen:NN.ZemsilF.36276.bm0@aeue!cl
AVG	Win32:PWSX-gen [Trj]
Cybereason	malicious.6d8c38
Panda	Trj/Chgt.AD

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All