Snort mailing list archives
Comodo Firewall, Comodo Dragon, svchost.exe and MS Office 2016 Triggering Snort IDS Alerts "A Network Trojan was Detected"
From: Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com>
Date: Sun, 4 Nov 2018 03:49:35 +0000
Good morning from Singapore,
Thank you Wei Chea for recommending sysmon and osquery to me.
I have finally been able to pinpoint which Windows processes are triggering Snort Intrusion Detection System (IDS)
alerts "A Network Trojan was detected".
These Windows processes are: Comodo Firewall 10 cmdagent.exe, Comodo Dragon web browser Updater, svchost.exe and
Microsoft Office 2016 Click-to-Run.
I shall reproduce all 65 Sysmon network events from 2 Nov 2018 to 4 Nov 2018 below. Do you think that my Windows
client operating system has been trojaned?
===BEGIN SYSMON NETWORK EVENTS===
Level Date and Time Source Event ID Task Category
Information 4/11/2018 10:05 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:05:02.210
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 56175
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.204
DestinationHostname: 204.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:05 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:05:02.187
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 56172
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.204
DestinationHostname: 204.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:04 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:04:56.118
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 56144
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:04 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:04:56.104
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 56142
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:04 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:04:13.490
ProcessGuid: {B066A9C4-539E-5BDE-0000-0010469AD33E}
ProcessId: 12572
Image: C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.11001.20074\OfficeClickToRun.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 56128
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:04 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:04:13.199
ProcessGuid: {B066A9C4-539E-5BDE-0000-0010469AD33E}
ProcessId: 12572
Image: C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.11001.20074\OfficeClickToRun.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 56126
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.155
DestinationHostname: 155.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:04 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:59.798
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55930
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:49.837
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55720
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:49.824
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55719
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:49.823
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55718
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:49.806
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55713
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:49.771
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55711
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:31.629
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55684
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:31.610
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55682
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:31.572
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55679
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:25.304
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55671
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 10:03 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 02:03:25.163
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55669
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 8:52 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-04 00:52:47.996
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010F70E0400}
ProcessId: 4780
Image: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55424
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 7:31 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 23:31:49.880
ProcessGuid: {B066A9C4-47EB-5BD2-0000-00104B0A0400}
ProcessId: 4736
Image: C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55160
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.204
DestinationHostname: 204.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 7:24 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 23:24:35.523
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010BBFB0300}
ProcessId: 4408
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 55127
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 6:24 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 22:24:24.552
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010BBFB0300}
ProcessId: 4408
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 54884
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 2:52 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 18:52:48.266
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010F70E0400}
ProcessId: 4780
Image: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 54211
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 4/11/2018 1:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 17:30:50.251
ProcessGuid: {B066A9C4-47EB-5BD2-0000-00104B0A0400}
ProcessId: 4736
Image: C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53944
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.204
DestinationHostname: 204.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:32 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:32:17.044
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53587
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:32 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:32:07.076
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53585
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:32 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:32:07.063
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53584
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:32 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:32:02.032
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53581
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:31 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:31:42.039
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53578
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:31 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:31:42.039
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53577
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:31 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:31:18.941
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53568
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:31 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:31:18.939
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53567
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:31 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:31:08.981
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53563
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:31 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:31:08.959
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53564
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:45.361
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53559
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:35.381
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53553
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:35.373
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53554
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:19.991
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53549
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:10.017
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53542
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:10.004
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53543
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:09.270
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53537
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:09.256
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53536
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:07.638
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53533
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:02.631
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53516
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.138
DestinationHostname: 138.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:30:02.592
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53514
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.138
DestinationHostname: 138.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:29:58.876
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53511
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.138
DestinationHostname: 138.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:29:58.150
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53505
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.138
DestinationHostname: 138.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:29:58.110
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53502
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.138
DestinationHostname: 138.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:29:58.041
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53500
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.150
DestinationHostname: 150.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:29:57.668
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53497
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 23:30 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 15:29:57.653
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 53496
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.139
DestinationHostname: 139.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 20:52 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 12:52:53.442
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010F70E0400}
ProcessId: 4780
Image: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 52916
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 19:29 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 11:29:51.027
ProcessGuid: {B066A9C4-47EB-5BD2-0000-00104B0A0400}
ProcessId: 4736
Image: C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 52640
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.204
DestinationHostname: 204.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 15:53 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 07:53:46.646
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010BBFB0300}
ProcessId: 4408
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 51813
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 15:19 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 07:19:38.319
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010BBFB0300}
ProcessId: 4408
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 51706
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 14:52 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 06:52:49.117
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010F70E0400}
ProcessId: 4780
Image: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 51594
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 13:28 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 05:28:50.720
ProcessGuid: {B066A9C4-47EB-5BD2-0000-00104B0A0400}
ProcessId: 4736
Image: C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 51297
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.204
DestinationHostname: 204.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 8:52 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-03 00:52:49.271
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010F70E0400}
ProcessId: 4780
Image: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 50220
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 7:27 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-02 23:27:50.297
ProcessGuid: {B066A9C4-47EB-5BD2-0000-00104B0A0400}
ProcessId: 4736
Image: C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 49961
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.204
DestinationHostname: 204.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 2:52 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-02 18:52:49.783
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010F70E0400}
ProcessId: 4780
Image: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 65395
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 1:26 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-02 17:26:49.203
ProcessGuid: {B066A9C4-47EB-5BD2-0000-00104B0A0400}
ProcessId: 4736
Image: C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 65085
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.204
DestinationHostname: 204.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 1:09 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-02 17:09:00.978
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010BBFB0300}
ProcessId: 4408
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 65020
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.141
DestinationHostname: 141.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 3/11/2018 0:01 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-02 16:01:01.405
ProcessGuid: {B066A9C4-47EB-5BD2-0000-0010BBFB0300}
ProcessId: 4408
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 64768
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.149
DestinationHostname: 149.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 2/11/2018 23:25 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-02 15:25:32.818
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 64665
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.138
DestinationHostname: 138.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 2/11/2018 23:25 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-02 15:25:29.299
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 64661
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.138
DestinationHostname: 138.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
Information 2/11/2018 23:25 Microsoft-Windows-Sysmon 3 Network connection detected (rule:
NetworkConnect) Network connection detected:
RuleName:
UtcTime: 2018-11-02 15:25:28.674
ProcessGuid: {B066A9C4-4865-5BD2-0000-0010A3764A00}
ProcessId: 10440
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: A.B.C.D
SourceHostname: TEO-EN-MING.teo-en-ming-corp.com
SourcePort: 64657
SourcePortName:
DestinationIsIpv6: false
DestinationIp: 103.1.138.150
DestinationHostname: 150.138.1.103.unknown.m1.com.sg
DestinationPort: 80
DestinationPortName: http
===END SYSMON NETWORK EVENTS===
Please advise. Thank you very much.
===BEGIN SIGNATURE===
Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017
[1] https://tdtemcerts.wordpress.com/
[2] http://tdtemcerts.blogspot.sg/
[3] https://www.scribd.com/user/270125049/Teo-En-Ming
===END SIGNATURE===
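The event dump above is the raw material for exactly the question the poster asks: which images make which connections, under which account, to which hosts. The block below is an added triage example (not code from the post, from Sysmon or from Snort). It parses the "Key: value" text layout that Windows Event Viewer produces for Sysmon Event ID 3, groups connections per image and user, collapses the destinations to /24 networks, and flags connections that fall outside an analyst-supplied expectation list. The sample records are constructed from values in the posted events (A.B.C.D is the poster's own source-address placeholder); the `verified` map is an assumption for illustration, not vendor data.

```python
"""Triage of Sysmon Event ID 3 (NetworkConnect) records pasted as text.
Added example; the parsed layout is the one Event Viewer emits, as in the post."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath


def _record(when, utc, guid, pid, image, user, sport, dip, dhost):
    """Build one record in the Event Viewer text layout (constructed sample)."""
    return (
        f"Information {when} Microsoft-Windows-Sysmon 3 Network connection detected (rule:\n"
        "NetworkConnect) Network connection detected:\nRuleName:\n"
        f"UtcTime: {utc}\nProcessGuid: {{{guid}}}\nProcessId: {pid}\nImage: {image}\n"
        f"User: {user}\nProtocol: tcp\nInitiated: true\nSourceIsIpv6: false\n"
        "SourceIp: A.B.C.D\nSourceHostname: TEO-EN-MING.teo-en-ming-corp.com\n"
        f"SourcePort: {sport}\nSourcePortName:\nDestinationIsIpv6: false\n"
        f"DestinationIp: {dip}\nDestinationHostname: {dhost}\n"
        "DestinationPort: 80\nDestinationPortName: http\n"
    )


SVCHOST = r"C:\Windows\System32\svchost.exe"
CMDAGENT = r"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
DRAGON = r"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"
NETSVC = r"NT AUTHORITY\NETWORK SERVICE"
SYSTEM = r"NT AUTHORITY\SYSTEM"

# Constructed sample: four records using values taken from the posted events.
SAMPLE_EVENTS = "".join([
    _record("3/11/2018 23:30", "2018-11-03 15:29:58.110", "B066A9C4-4865-5BD2-0000-0010A3764A00",
            10440, SVCHOST, NETSVC, 53502, "103.1.138.138", "138.138.1.103.unknown.m1.com.sg"),
    _record("3/11/2018 23:30", "2018-11-03 15:29:57.653", "B066A9C4-4865-5BD2-0000-0010A3764A00",
            10440, SVCHOST, NETSVC, 53496, "103.1.138.139", "139.138.1.103.unknown.m1.com.sg"),
    _record("3/11/2018 20:52", "2018-11-03 12:52:53.442", "B066A9C4-47EB-5BD2-0000-0010F70E0400",
            4780, CMDAGENT, SYSTEM, 52916, "103.1.138.141", "141.138.1.103.unknown.m1.com.sg"),
    _record("3/11/2018 19:29", "2018-11-03 11:29:51.027", "B066A9C4-47EB-5BD2-0000-00104B0A0400",
            4736, DRAGON, SYSTEM, 52640, "103.1.138.204", "204.138.1.103.unknown.m1.com.sg"),
])

FIELD_RE = re.compile(r"^([A-Za-z]+):\s?(.*)$")   # bare "Key: value" lines only
HEADER_MARK = " Microsoft-Windows-Sysmon 3 "        # Level/Date line that opens each record


def parse_sysmon_events(text):
    """Split pasted Event Viewer text into one dict per Event ID 3 record."""
    events, current = [], None
    for line in text.splitlines():
        if line.startswith("Information ") and HEADER_MARK in line:
            current = {}
            events.append(current)
            continue
        m = FIELD_RE.match(line) if current is not None else None
        if m:   # the wrapped "NetworkConnect) Network connection detected:" line has no bare key
            current[m.group(1)] = m.group(2).strip()
    for ev in events:
        ev["UtcTime"] = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
    return events


def summarize_by_image(events):
    """Group connections by (image, user): count, destinations, ports, time span."""
    summary = {}
    for ev in events:
        s = summary.setdefault((ev["Image"], ev["User"]), {
            "count": 0, "destinations": defaultdict(int), "ports": set(),
            "first": ev["UtcTime"], "last": ev["UtcTime"]})
        s["count"] += 1
        s["destinations"][(ev["DestinationIp"], ev["DestinationHostname"])] += 1
        s["ports"].add(int(ev["DestinationPort"]))
        s["first"], s["last"] = min(s["first"], ev["UtcTime"]), max(s["last"], ev["UtcTime"])
    return summary


def destination_networks(events, prefix=24):
    """Collapse destination IPs to /prefix blocks: many IPs may be one provider range."""
    return {str(ipaddress.ip_network(f'{ev["DestinationIp"]}/{prefix}', strict=False))
            for ev in events}


def unexpected_connections(events, expected):
    """Return events whose image basename is absent from `expected`, or whose
    destination hostname ends with none of the suffixes the analyst verified for it."""
    flagged = []
    for ev in events:
        suffixes = expected.get(PureWindowsPath(ev["Image"]).name.lower())
        if suffixes is None or not ev["DestinationHostname"].endswith(tuple(suffixes)):
            flagged.append(ev)
    return flagged


if __name__ == "__main__":
    evs = parse_sysmon_events(SAMPLE_EVENTS)
    for (image, user), s in summarize_by_image(evs).items():
        print(f"{image} [{user}] {s['count']} conn(s) {s['first']} .. {s['last']}")
        for (ip, host), n in sorted(s["destinations"].items()):
            print(f"    {n}x {ip} ({host})")
    print("destination networks:", sorted(destination_networks(evs)))
    verified = {"svchost.exe": ["m1.com.sg"]}   # assumed allow-list, illustration only
    for ev in unexpected_connections(evs, verified):
        print("review:", ev["Image"], "->", ev["DestinationHostname"])
```

Run against the full dump, the summary answers the "which process" question directly, and `destination_networks` shows that every destination in the sample sits in one /24 with the same reverse-DNS pattern, which is the kind of fact to check against the Snort rule's message and the vendors' documented update hosts before treating the alerts as either a false positive or a compromise. The expectation list is only as good as what the analyst has actually verified; an empty or guessed list flags everything, which is the safe default.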
Snort-users mailing list: https://lists.snort.org/mailman/listinfo/snort-users
Current thread:
- Comodo Firewall, Comodo Dragon, svchost.exe and MS Office 2016 Triggering Snort IDS Alerts "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Nov 03)
- Re: Comodo Firewall, Comodo Dragon, svchost.exe and MS Office 2016 Triggering Snort IDS Alerts "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Nov 07)
- Re: Comodo Firewall, Comodo Dragon, svchost.exe and MS Office 2016 Triggering Snort IDS Alerts "A Network Trojan was Detected" John Byrne via Snort-users (Nov 07)
- Re: Comodo Firewall, Comodo Dragon, svchost.exe and MS Office 2016 Triggering Snort IDS Alerts "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Nov 08)
- Re: Comodo Firewall, Comodo Dragon, svchost.exe and MS Office 2016 Triggering Snort IDS Alerts "A Network Trojan was Detected" John Byrne via Snort-users (Nov 07)
- Re: Comodo Firewall, Comodo Dragon, svchost.exe and MS Office 2016 Triggering Snort IDS Alerts "A Network Trojan was Detected" Turritopsis Dohrnii Teo En Ming (Nov 07)
