Windows
Analysis Report
Week13.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Week13.exe (PID: 7124 cmdline: "C:\Users\user\Desktop\Week13.exe" MD5: A1B8FA53A47B1991EE76A46EE8685B7D)
  - oneetx.exe (PID: 6384 cmdline: "C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe" MD5: A1B8FA53A47B1991EE76A46EE8685B7D)
  - schtasks.exe (PID: 5004 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe" /F MD5: 48C2FE20575769DE916F48EF0676A965)
  - conhost.exe (PID: 4916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 2500 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "user:N"&&CACLS "oneetx.exe" /P "user:R" /E&&echo Y|CACLS "..\cb7ae701b3" /P "user:N"&&CACLS "..\cb7ae701b3" /P "user:R" /E&&Exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - conhost.exe (PID: 5808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 6196 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - cacls.exe (PID: 5928 cmdline: CACLS "oneetx.exe" /P "user:N" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
  - cacls.exe (PID: 1016 cmdline: CACLS "oneetx.exe" /P "user:R" /E MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
  - cmd.exe (PID: 6892 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  - cacls.exe (PID: 4456 cmdline: CACLS "..\cb7ae701b3" /P "user:N" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
  - cacls.exe (PID: 3260 cmdline: CACLS "..\cb7ae701b3" /P "user:R" /E MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
- oneetx.exe (PID: 5664 cmdline: C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe MD5: A1B8FA53A47B1991EE76A46EE8685B7D)
- oneetx.exe (PID: 1544 cmdline: C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe MD5: A1B8FA53A47B1991EE76A46EE8685B7D)
- oneetx.exe (PID: 5548 cmdline: C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe MD5: A1B8FA53A47B1991EE76A46EE8685B7D)
- oneetx.exe (PID: 5052 cmdline: C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe MD5: A1B8FA53A47B1991EE76A46EE8685B7D)
- oneetx.exe (PID: 3300 cmdline: C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe MD5: A1B8FA53A47B1991EE76A46EE8685B7D)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Amadey | Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. | No Attribution |
{"C2 url": "193.3.19.154/store/games/index.php", "Version": "3.80", "Install Folder": "cb7ae701b3", "Install File": "oneetx.exe"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security |
Source: | Author: Florian Roth (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-22T23:01:49.628585+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50063 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:53.631928+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49731 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:57.875819+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49732 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:02.094612+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49733 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:06.329029+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:10.547760+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:14.766326+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49742 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:19.003986+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49745 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:23.236152+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49747 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:27.476830+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49748 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:31.704018+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49750 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:35.938261+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49751 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:40.172631+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49753 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:44.428618+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49755 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:48.657050+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49766 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:52.891608+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49775 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:57.141702+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49784 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:01.360558+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49795 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:05.657214+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49806 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:09.891778+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49817 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:14.113332+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49828 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:18.344757+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49839 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:22.579523+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49848 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:26.813624+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49858 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:31.047873+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49867 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:44.704283+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49878 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:48.941303+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49909 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:53.173110+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49920 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:57.545622+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49931 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:01.829258+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49942 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:06.063658+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49953 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:10.282475+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49964 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:14.517079+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49973 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:18.751433+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49981 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:23.016897+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49992 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:27.251214+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50003 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:31.485699+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50013 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:35.704474+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50024 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:39.954324+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50035 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:44.188956+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50044 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:48.439563+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50047 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:52.673519+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50048 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:56.908147+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50049 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:01.157745+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50050 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:05.392163+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50051 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:09.626401+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50052 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:13.861186+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50053 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:18.095204+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50054 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:22.350850+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50055 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:26.610715+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50056 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:30.845218+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50057 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:35.097657+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50058 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:39.317669+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50059 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:43.548366+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50060 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:47.767633+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50061 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:52.004667+0100 | 2027700 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50062 | 193.3.19.154 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-22T23:01:49.628585+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50063 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:53.631928+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:57.875819+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:02.094612+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:06.329029+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:10.547760+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49737 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:14.766326+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:19.003986+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:23.236152+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:27.476830+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:31.704018+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:35.938261+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49751 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:40.172631+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49753 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:44.428618+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49755 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:48.657050+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49766 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:52.891608+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49775 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:57.141702+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49784 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:01.360558+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49795 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:05.657214+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49806 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:09.891778+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49817 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:14.113332+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49828 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:18.344757+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49839 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:22.579523+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49848 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:26.813624+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49858 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:31.047873+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49867 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:44.704283+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49878 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:48.941303+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49909 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:53.173110+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49920 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:03:57.545622+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49931 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:01.829258+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49942 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:06.063658+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49953 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:10.282475+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49964 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:14.517079+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49973 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:18.751433+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49981 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:23.016897+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 49992 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:27.251214+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50003 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:31.485699+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50013 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:35.704474+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50024 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:39.954324+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50035 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:44.188956+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50044 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:48.439563+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50047 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:52.673519+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50048 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:04:56.908147+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50049 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:01.157745+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50050 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:05.392163+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50051 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:09.626401+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50052 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:13.861186+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50053 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:18.095204+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50054 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:22.350850+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50055 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:26.610715+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50056 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:30.845218+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50057 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:35.097657+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50058 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:39.317669+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50059 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:43.548366+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50060 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:47.767633+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50061 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:05:52.004667+0100 | 2045751 | 1 | A Network Trojan was detected | 192.168.2.4 | 50062 | 193.3.19.154 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-22T23:01:53.630805+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:02.094616+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:10.547661+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:19.004101+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:27.476781+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49749 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:35.938386+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 193.3.19.154 | 80 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: | ||
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Binary string: | ||
Networking |
---|
Source: | Suricata IDS: | ||
Source: | IPs: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Binary string: | ||
Persistence and Installation Behavior |
---|
Source: | File source: | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Key value created or modified: | Jump to behavior | ||
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Last function: | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 21 Virtualization/Sandbox Evasion | LSASS Memory | 21 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 Services File Permissions Weakness | 1 Registry Run Keys / Startup Folder | 11 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 Services File Permissions Weakness | 1 Services File Permissions Weakness | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 DLL Side-Loading | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
92% | ReversingLabs | Win32.Trojan.Amadey | ||
100% | Avira | HEUR/AGEN.1317762 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1317762 | ||
100% | Joe Sandbox ML | |||
92% | ReversingLabs | Win32.Trojan.Amadey |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.3.19.154 | unknown | Denmark | | 2107 | ARNES-NETAcademicandResearchNetworkofSloveniaSI | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1561232 |
Start date and time: | 2024-11-22 23:00:48 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Week13.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.winEXE@26/6@0/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Week13.exe
Time | Type | Description |
---|---|---|
17:01:47 | API Interceptor | |
22:01:47 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
193.3.19.154 | Get hash | malicious | Amadey, Healer AV Disabler, PureLog Stealer, RedLine | Browse |
| |
Get hash | malicious | Amadey, RedLine | Browse |
| ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ARNES-NETAcademicandResearchNetworkofSloveniaSI | Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| |
Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Amadey, Healer AV Disabler, PureLog Stealer, RedLine | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Users\user\Desktop\Week13.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 209950 |
Entropy (8bit): | 6.342521487985493 |
Encrypted: | false |
SSDEEP: | 3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU:Wfrnzurs3Czpexj2kGOIu5QTyJMKk |
MD5: | A1B8FA53A47B1991EE76A46EE8685B7D |
SHA1: | 4002A9CFFCDE9F7F44633457457792564A63BF5D |
SHA-256: | E472FD69B5A891059F44206124BAF829CB7583890E2C8E288E311359A2249871 |
SHA-512: | F685FEF174DED44E2ECA9DF2F75F858611B45672E4DE5D81C868BB7441F476BC20AB8421AE48E2D004B960672C35190C2F4F6B9975A67596DE204918C6E52613 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\Week13.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
Process: | C:\Windows\SysWOW64\cacls.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15 |
Entropy (8bit): | 3.240223928941852 |
Encrypted: | false |
SSDEEP: | 3:o3F:o1 |
MD5: | 509B054634B6DE74F111C3E646BC80FD |
SHA1: | 99B4C0F39144A92FE42E22473A2A2552FB16BD13 |
SHA-256: | 07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36 |
SHA-512: | A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.342521487985493 |
TrID: |
|
File name: | Week13.exe |
File size: | 209'950 bytes |
MD5: | a1b8fa53a47b1991ee76a46ee8685b7d |
SHA1: | 4002a9cffcde9f7f44633457457792564a63bf5d |
SHA256: | e472fd69b5a891059f44206124baf829cb7583890e2c8e288e311359a2249871 |
SHA512: | f685fef174ded44e2eca9df2f75f858611b45672e4de5d81c868bb7441f476bc20ab8421ae48e2d004b960672c35190c2f4f6b9975a67596de204918c6e52613 |
SSDEEP: | 3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU:Wfrnzurs3Czpexj2kGOIu5QTyJMKk |
TLSH: | F524F6257D12C032D561A1B619F5BFF2C59CA828A7B049DB7B800F77DA122F73960E39 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o................. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x41552f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6442E0B0 [Fri Apr 21 19:14:56 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | f8cc61ade86cb7277d0ab974de6323cb |
Instruction |
---|
call 00007F66B8C3ECC9h |
jmp 00007F66B8C3E6B9h |
jmp 00007F66B8C41809h |
push ebp |
mov ebp, esp |
sub esp, 00000324h |
push ebx |
push 00000017h |
call 00007F66B8C4D819h |
test eax, eax |
je 00007F66B8C3E847h |
mov ecx, dword ptr [ebp+08h] |
int 29h |
push 00000003h |
call 00007F66B8C3E9EBh |
mov dword ptr [esp], 000002CCh |
lea eax, dword ptr [ebp-00000324h] |
push 00000000h |
push eax |
call 00007F66B8C3F191h |
add esp, 0Ch |
mov dword ptr [ebp-00000274h], eax |
mov dword ptr [ebp-00000278h], ecx |
mov dword ptr [ebp-0000027Ch], edx |
mov dword ptr [ebp-00000280h], ebx |
mov dword ptr [ebp-00000284h], esi |
mov dword ptr [ebp-00000288h], edi |
mov word ptr [ebp-0000025Ch], ss |
mov word ptr [ebp-00000268h], cs |
mov word ptr [ebp-0000028Ch], ds |
mov word ptr [ebp-00000290h], es |
mov word ptr [ebp-00000294h], fs |
mov word ptr [ebp-00000298h], gs |
pushfd |
pop dword ptr [ebp-00000264h] |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [ebp-0000026Ch], eax |
lea eax, dword ptr [ebp+04h] |
mov dword ptr [ebp-00000260h], eax |
mov dword ptr [ebp-00000324h], 00010001h |
mov eax, dword ptr [eax-04h] |
push 00000050h |
mov dword ptr [ebp-00000270h], eax |
lea eax, dword ptr [ebp-58h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x300d8 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x34000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x35000 | 0x208c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2f360 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2f474 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f3d0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x29000 | 0x204 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2722d | 0x27400 | f8a1f275d950abfb13b70d936b801360 | False | 0.4442426353503185 | data | 6.4362141478020645 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x29000 | 0x7c74 | 0x7e00 | a9c9e415c77aeb6ff53c4ca6792ae320 | False | 0.4195808531746032 | data | 4.991773718102028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x31000 | 0x2728 | 0x1800 | 214e19b3a3a6d8354fa90e8a17cf746e | False | 0.08658854166666667 | data | 1.3673078527283469 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x34000 | 0x1e0 | 0x200 | 1b99276507c6356b24a31f63887375df | False | 0.52734375 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x35000 | 0x208c | 0x2200 | 1f9afe88c86e7b78ae326a57253f65d5 | False | 0.7651654411764706 | data | 6.522595049005223 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x34060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
KERNEL32.dll | GetFileAttributesA, CreateFileA, CloseHandle, GetSystemInfo, CreateThread, HeapAlloc, GetThreadContext, GetProcAddress, VirtualAllocEx, LocalFree, GetLastError, ReadProcessMemory, GetProcessHeap, CreateProcessA, CreateDirectoryA, SetThreadContext, WriteConsoleW, ReadConsoleW, SetEndOfFile, SetFilePointerEx, GetTempPathA, Sleep, SetCurrentDirectoryA, GetModuleHandleA, GetComputerNameExW, ResumeThread, GetVersionExW, CreateMutexA, VirtualAlloc, WriteFile, VirtualFree, HeapFree, WriteProcessMemory, GetModuleFileNameA, RemoveDirectoryA, ReadFile, HeapReAlloc, HeapSize, GetTimeZoneInformation, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetStringTypeW, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, SetStdHandle, GetFullPathNameW, GetCurrentDirectoryW, DeleteFileW, LCMapStringW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, GetModuleHandleW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RaiseException, SetLastError, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetModuleFileNameW, GetStdHandle, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, CompareStringW, DecodePointer |
ADVAPI32.dll | RegCloseKey, RegQueryValueExA, GetUserNameA, RegSetValueExA, RegOpenKeyExA, ConvertSidToStringSidW, GetUserNameW, LookupAccountNameW |
SHELL32.dll | SHGetFolderPathA, ShellExecuteA, SHFileOperationA |
WININET.dll | HttpOpenRequestA, InternetReadFile, InternetConnectA, HttpSendRequestA, InternetCloseHandle, InternetOpenA, InternetOpenW, InternetOpenUrlA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-11-22T23:01:49.628585+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 50063 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:49.628585+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 50063 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:53.630805+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49730 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:53.631928+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49731 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:53.631928+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49731 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:57.875819+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49732 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:01:57.875819+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49732 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:02.094612+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49733 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:02.094612+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49733 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:02.094616+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49734 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:06.329029+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49735 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:06.329029+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49735 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:10.547661+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49739 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:10.547760+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49737 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:10.547760+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49737 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:14.766326+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49742 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:14.766326+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49742 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:19.003986+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49745 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:19.003986+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49745 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:19.004101+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49746 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:23.236152+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49747 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:23.236152+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49747 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:27.476781+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49749 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:27.476830+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49748 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:27.476830+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49748 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:31.704018+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49750 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:31.704018+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49750 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:35.938261+0100 | 2027700 | ET MALWARE Amadey CnC Check-In | 1 | 192.168.2.4 | 49751 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:35.938261+0100 | 2045751 | ET MALWARE Win32/Amadey Bot Activity (POST) M2 | 1 | 192.168.2.4 | 49751 | 193.3.19.154 | 80 | TCP |
2024-11-22T23:02:35.938386+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49752 | 193.3.19.154 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 22, 2024 23:05:05.392163038 CET | 50051 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:05.505002022 CET | 50052 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:05.624890089 CET | 80 | 50052 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:05.624986887 CET | 50052 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:05.625243902 CET | 50052 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:05.745136976 CET | 80 | 50052 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:09.626400948 CET | 50052 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:09.739665985 CET | 50053 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:09.859337091 CET | 80 | 50053 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:09.859435081 CET | 50053 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:09.859699011 CET | 50053 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:09.979588032 CET | 80 | 50053 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:13.861186028 CET | 50053 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:13.973723888 CET | 50054 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:14.093556881 CET | 80 | 50054 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:14.093636990 CET | 50054 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:14.093854904 CET | 50054 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:14.213390112 CET | 80 | 50054 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:18.095204115 CET | 50054 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:18.208044052 CET | 50055 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:18.327743053 CET | 80 | 50055 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:18.329767942 CET | 50055 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:18.333609104 CET | 50055 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:18.453161955 CET | 80 | 50055 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:22.350850105 CET | 50055 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:22.477061987 CET | 50056 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:22.596735001 CET | 80 | 50056 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:22.596859932 CET | 50056 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:22.598258972 CET | 50056 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:22.717988968 CET | 80 | 50056 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:26.610714912 CET | 50056 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:26.722839117 CET | 50057 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:26.842545986 CET | 80 | 50057 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:26.842720985 CET | 50057 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:26.843091965 CET | 50057 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:26.962790012 CET | 80 | 50057 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:30.845217943 CET | 50057 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:30.959628105 CET | 50058 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:31.079607964 CET | 80 | 50058 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:31.079741955 CET | 50058 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:31.080040932 CET | 50058 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:31.199644089 CET | 80 | 50058 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:35.097656965 CET | 50058 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:35.207537889 CET | 50059 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:35.327068090 CET | 80 | 50059 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:35.327141047 CET | 50059 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:35.327351093 CET | 50059 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:35.467480898 CET | 80 | 50059 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:39.317668915 CET | 50059 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:39.427155972 CET | 50060 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:39.546902895 CET | 80 | 50060 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:39.547007084 CET | 50060 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:39.547302008 CET | 50060 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:39.666935921 CET | 80 | 50060 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:43.548366070 CET | 50060 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:43.662460089 CET | 50061 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:43.782196045 CET | 80 | 50061 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:43.782342911 CET | 50061 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:43.782538891 CET | 50061 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:43.902124882 CET | 80 | 50061 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:47.767632961 CET | 50061 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:47.880779028 CET | 50062 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:48.001115084 CET | 80 | 50062 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:48.001311064 CET | 50062 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:48.001888990 CET | 50062 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:48.121491909 CET | 80 | 50062 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:52.004667044 CET | 50062 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:52.114799976 CET | 50063 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:52.234529018 CET | 80 | 50063 | 193.3.19.154 | 192.168.2.4 |
Nov 22, 2024 23:05:52.234627008 CET | 50063 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:52.234913111 CET | 50063 | 80 | 192.168.2.4 | 193.3.19.154 |
Nov 22, 2024 23:05:52.354547024 CET | 80 | 50063 | 193.3.19.154 | 192.168.2.4 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:01:49.748624086 CET | 68 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:01:49.749084949 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:01:53.872288942 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:01:58.108654022 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49734 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:01:58.777911901 CET | 68 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49735 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:02.327446938 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49737 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:06.562109947 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49739 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:07.231005907 CET | 68 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49742 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:10.777719975 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49745 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:14.999185085 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49746 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:15.699085951 CET | 68 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49747 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:19.231146097 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49748 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:23.467364073 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49749 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:24.137197018 CET | 68 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49750 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:27.702537060 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49751 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:31.936975956 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49752 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:32.648214102 CET | 68 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49753 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:36.169647932 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
18 | 192.168.2.4 | 49755 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:40.418342113 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
19 | 192.168.2.4 | 49766 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:44.654630899 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
20 | 192.168.2.4 | 49775 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:48.889089108 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
21 | 192.168.2.4 | 49784 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:53.137406111 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
22 | 192.168.2.4 | 49795 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:02:57.374092102 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
23 | 192.168.2.4 | 49806 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:01.647985935 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
24 | 192.168.2.4 | 49817 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:05.888936043 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
25 | 192.168.2.4 | 49828 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:10.124281883 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
26 | 192.168.2.4 | 49839 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:14.344291925 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
27 | 192.168.2.4 | 49848 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:18.579659939 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
28 | 192.168.2.4 | 49858 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:22.811232090 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
29 | 192.168.2.4 | 49867 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:27.045433998 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
30 | 192.168.2.4 | 49878 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:31.282150030 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
31 | 192.168.2.4 | 49909 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:44.937906981 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
32 | 192.168.2.4 | 49920 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:49.173223019 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
33 | 192.168.2.4 | 49931 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:53.405967951 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
34 | 192.168.2.4 | 49942 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:03:57.824795008 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
35 | 192.168.2.4 | 49953 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:02.061980963 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
36 | 192.168.2.4 | 49964 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:06.295145988 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
37 | 192.168.2.4 | 49973 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:10.519671917 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
38 | 192.168.2.4 | 49981 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:14.749638081 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
39 | 192.168.2.4 | 49992 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:19.018697977 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
40 | 192.168.2.4 | 50003 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:23.248563051 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
41 | 192.168.2.4 | 50013 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:27.484415054 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
42 | 192.168.2.4 | 50024 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:31.718524933 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
43 | 192.168.2.4 | 50035 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:35.939897060 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
44 | 192.168.2.4 | 50044 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:40.187061071 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
45 | 192.168.2.4 | 50047 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:44.423559904 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
46 | 192.168.2.4 | 50048 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:48.675873041 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
47 | 192.168.2.4 | 50049 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:52.909507990 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
48 | 192.168.2.4 | 50050 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:04:57.142074108 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
49 | 192.168.2.4 | 50051 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:01.392184019 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
50 | 192.168.2.4 | 50052 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:05.625243902 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
51 | 192.168.2.4 | 50053 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:09.859699011 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
52 | 192.168.2.4 | 50054 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:14.093854904 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
53 | 192.168.2.4 | 50055 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:18.333609104 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
54 | 192.168.2.4 | 50056 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:22.598258972 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
55 | 192.168.2.4 | 50057 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:26.843091965 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
56 | 192.168.2.4 | 50058 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:31.080040932 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
57 | 192.168.2.4 | 50059 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:35.327351093 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
58 | 192.168.2.4 | 50060 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:39.547302008 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
59 | 192.168.2.4 | 50061 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:43.782538891 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
60 | 192.168.2.4 | 50062 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:48.001888990 CET | 241 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
61 | 192.168.2.4 | 50063 | 193.3.19.154 | 80 | 6384 | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 22, 2024 23:05:52.234913111 CET | 241 | OUT |
Target ID: | 0 |
Start time: | 17:01:45 |
Start date: | 22/11/2024 |
Path: | C:\Users\user\Desktop\Week13.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfb0000 |
File size: | 209'950 bytes |
MD5 hash: | A1B8FA53A47B1991EE76A46EE8685B7D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 17:01:46 |
Start date: | 22/11/2024 |
Path: | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x440000 |
File size: | 209'950 bytes |
MD5 hash: | A1B8FA53A47B1991EE76A46EE8685B7D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 17:01:46 |
Start date: | 22/11/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcd0000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 17:01:46 |
Start date: | 22/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 17:01:46 |
Start date: | 22/11/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 17:01:46 |
Start date: | 22/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 17:01:46 |
Start date: | 22/11/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 17:01:46 |
Start date: | 22/11/2024 |
Path: | C:\Windows\SysWOW64\cacls.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd50000 |
File size: | 27'648 bytes |
MD5 hash: | 00BAAE10C69DAD58F169A3ED638D6C59 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 17:01:46 |
Start date: | 22/11/2024 |
Path: | C:\Windows\SysWOW64\cacls.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 27'648 bytes |
MD5 hash: | 00BAAE10C69DAD58F169A3ED638D6C59 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 17:01:47 |
Start date: | 22/11/2024 |
Path: | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x440000 |
File size: | 209'950 bytes |
MD5 hash: | A1B8FA53A47B1991EE76A46EE8685B7D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 10 |
Start time: | 17:01:47 |
Start date: | 22/11/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 17:01:47 |
Start date: | 22/11/2024 |
Path: | C:\Windows\SysWOW64\cacls.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd50000 |
File size: | 27'648 bytes |
MD5 hash: | 00BAAE10C69DAD58F169A3ED638D6C59 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 17:01:47 |
Start date: | 22/11/2024 |
Path: | C:\Windows\SysWOW64\cacls.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd50000 |
File size: | 27'648 bytes |
MD5 hash: | 00BAAE10C69DAD58F169A3ED638D6C59 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 17:02:01 |
Start date: | 22/11/2024 |
Path: | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 209'950 bytes |
MD5 hash: | A1B8FA53A47B1991EE76A46EE8685B7D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Has exited: | true |
Target ID: | 18 |
Start time: | 17:03:00 |
Start date: | 22/11/2024 |
Path: | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x440000 |
File size: | 209'950 bytes |
MD5 hash: | A1B8FA53A47B1991EE76A46EE8685B7D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Has exited: | true |
Target ID: | 19 |
Start time: | 17:04:00 |
Start date: | 22/11/2024 |
Path: | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x440000 |
File size: | 209'950 bytes |
MD5 hash: | A1B8FA53A47B1991EE76A46EE8685B7D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Has exited: | true |
Target ID: | 20 |
Start time: | 17:05:00 |
Start date: | 22/11/2024 |
Path: | C:\Users\user\AppData\Local\Temp\cb7ae701b3\oneetx.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x440000 |
File size: | 209'950 bytes |
MD5 hash: | A1B8FA53A47B1991EE76A46EE8685B7D |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Has exited: | true |