Network Threat Analysis

Click on any device or the firewall to view its logs. Use the logs to identify the origin system, the infected machines, and the clean devices, then submit your assessment. If you need help, check the student guide at the bottom of the page.

Network diagram showing devices 10.20.2.15, 10.20.2.25, a firewall, and internal hosts 192.168.30.15, 192.168.30.25, 192.168.30.35
📄 Student Guide

Log: 10.20.2.15

6/2/2025 14:30 Info Scheduled scan initiated
6/2/2025 14:31 Info Checking for update
6/2/2025 14:32 Info No update available
6/2/2025 14:33 Info Checking for definition update
6/2/2025 14:34 Info No definition update available
6/2/2025 14:35 Info Scan type = full
6/2/2025 14:36 Info Scan start
6/2/2025 14:37 Info Scanning system files
6/2/2025 14:38 Info Scanning temporary files
6/2/2025 14:39 Info Scanning services
6/2/2025 14:40 Info Scanning boot sector
6/2/2025 14:41 Info Scan complete
6/2/2025 14:42 Info Files removed: 0
6/2/2025 14:43 Info Files quarantined: 0
6/2/2025 14:44 Info Boot sector: clean
6/2/2025 14:45 Info Next scheduled scan: 6/3/2025 14:30
6/3/2025 14:30 Info Scheduled scan initiated
6/3/2025 14:31 Info Checking for update
6/3/2025 14:32 Info No update available
6/3/2025 14:33 Info Checking for definition update
6/3/2025 14:34 Info Update available v10.2.3.4440
6/3/2025 14:35 Info Downloading update
6/3/2025 14:36 Info Definition update complete
6/3/2025 14:35 Info Scan type = full
6/3/2025 14:36 Info Scan start
6/3/2025 14:37 Info Scanning system files
6/3/2025 14:37 Warn File found svch0st.exe match definition v10.2.3.4440
6/3/2025 14:37 Warn File quarantined svch0st.exe
6/3/2025 14:38 Info Scanning temporary files
6/3/2025 14:39 Info Scanning services
6/3/2025 14:40 Info Scanning boot sector
6/3/2025 14:41 Info Scan complete
6/3/2025 14:42 Info Files removed: 0
6/3/2025 14:43 Info Files quarantined: 1
6/3/2025 14:44 Info Boot sector: clean
6/3/2025 14:45 Info Next scheduled scan: 6/4/2025 14:30

Log: 10.20.2.25

6/2/2025 14:30 Info Scheduled scan initiated
6/2/2025 14:31 Info Checking for update
6/2/2025 14:32 Info No update available
6/2/2025 14:33 Info Checking for definition update
6/2/2025 14:34 Info No definition update available
6/2/2025 14:35 Info Scan type = full
6/2/2025 14:36 Info Scan start
6/2/2025 14:37 Info Scanning system files
6/2/2025 14:38 Info Scanning temporary files
6/2/2025 14:39 Info Scanning services
6/2/2025 14:40 Info Scanning boot sector
6/2/2025 14:41 Info Scan complete
6/2/2025 14:42 Info Files removed: 0
6/2/2025 14:43 Info Files quarantined: 0
6/2/2025 14:44 Info Boot sector: clean
6/2/2025 14:45 Info Next scheduled scan: 6/3/2025 14:30
6/3/2025 14:30 Info Scheduled scan initiated
6/3/2025 14:31 Info Checking for update
6/3/2025 14:32 Info No update available
6/3/2025 14:33 Info Checking for definition update
6/3/2025 14:34 Error Unable to reach update server
6/3/2025 14:35 Info Scan type = full
6/3/2025 14:36 Info Scan start
6/3/2025 14:37 Info Scanning system files
6/3/2025 14:37 Warn File svch0st.exe match heuristic pattern 0c09488c08d0f3k
6/3/2025 14:37 Error Unable to quarantine file svch0st.exe
6/3/2025 14:38 Info Scanning temporary files
6/3/2025 14:39 Info Scanning services
6/3/2025 14:40 Info Scanning boot sector
6/3/2025 14:41 Info Scan complete
6/3/2025 14:42 Info Files removed: 0
6/3/2025 14:43 Info Files quarantined: 0
6/3/2025 14:43 Warn File quarantine file
6/3/2025 14:44 Info Boot sector: clean
6/3/2025 14:45 Info Next scheduled scan: 6/4/2025 14:30

Log: 192.168.30.15

6/2/2025 14:30 Info Scheduled scan initiated
6/2/2025 14:31 Info Checking for update
6/2/2025 14:32 Info No update available
6/2/2025 14:33 Info Checking for definition update
6/2/2025 14:34 Info No definition update available
6/2/2025 14:35 Info Scan type = full
6/2/2025 14:36 Info Scan start
6/2/2025 14:37 Info Scanning system files
6/2/2025 14:38 Info Scanning temporary files
6/2/2025 14:39 Info Scanning services
6/2/2025 14:40 Info Scanning boot sector
6/2/2025 14:41 Info Scan complete
6/2/2025 14:42 Info Files removed: 0
6/2/2025 14:43 Info Files quarantined: 0
6/2/2025 14:44 Info Boot sector: clean
6/2/2025 14:45 Info Next scheduled scan: 6/3/2025 14:30
6/3/2025 2:31 Warn Scheduled scan disabled by process svch0st.exe
6/3/2025 2:32 Warn Scheduled update disabled by process svch0st.exe

Log: 192.168.30.25

6/2/2025 14:30 Info Scheduled scan initiated
6/2/2025 14:31 Info Checking for update
6/2/2025 14:32 Info No update available
6/2/2025 14:33 Info Checking for definition update
6/2/2025 14:34 Info No definition update available
6/2/2025 14:35 Info Scan type = full
6/2/2025 14:36 Info Scan start
6/2/2025 14:37 Info Scanning system files
6/2/2025 14:38 Info Scanning temporary files
6/2/2025 14:39 Info Scanning services
6/2/2025 14:40 Info Scanning boot sector
6/2/2025 14:41 Info Scan complete
6/2/2025 14:42 Info Files removed: 0
6/2/2025 14:43 Info Files quarantined: 0
6/2/2025 14:44 Info Boot sector: clean
6/2/2025 14:45 Info Next scheduled scan: 6/3/2025 14:30
6/3/2025 14:30 Info Scheduled scan initiated
6/3/2025 14:31 Info Checking for update
6/3/2025 14:32 Info No update available
6/3/2025 14:33 Info Checking for definition update
6/3/2025 14:34 Info Update available v10.2.3.4440
6/3/2025 14:35 Info Downloading update
6/3/2025 14:36 Info Definition update complete
6/3/2025 14:35 Info Scan type = full
6/3/2025 14:36 Info Scan start
6/3/2025 14:37 Info Scanning system files
6/3/2025 14:37 Warn File found svch0st.exe match definition v10.2.3.4440
6/3/2025 14:37 Info File quarantined svch0st.exe
6/3/2025 14:38 Info Scanning temporary files
6/3/2025 14:39 Info Scanning services
6/3/2025 14:40 Info Scanning boot sector
6/3/2025 14:41 Info Scan complete
6/3/2025 14:42 Info Files removed: 0
6/3/2025 14:43 Info Files quarantined: 1
6/3/2025 14:44 Info Boot sector: clean
6/3/2025 14:45 Info Next scheduled scan: 6/4/2025 14:30

Log: 192.168.30.35

6/2/2025 14:30 Info Scheduled scan initiated
6/2/2025 14:31 Info Checking for update
6/2/2025 14:32 Info No update available
6/2/2025 14:33 Info Checking for definition update
6/2/2025 14:34 Info No definition update available
6/2/2025 14:35 Info Scan type = full
6/2/2025 14:36 Info Scan start
6/2/2025 14:37 Info Scanning system files
6/2/2025 14:38 Info Scanning temporary files
6/2/2025 14:39 Info Scanning services
6/2/2025 14:40 Info Scanning boot sector
6/2/2025 14:41 Info Scan complete
6/2/2025 14:42 Info Files removed: 0
6/2/2025 14:43 Info Files quarantined: 0
6/2/2025 14:44 Info Boot sector: clean
6/2/2025 14:45 Info Next scheduled scan: 6/3/2025 14:30
6/3/2025 14:30 Info Scheduled scan initiated
6/3/2025 14:31 Info Checking for update
6/3/2025 14:32 Info No update available
6/3/2025 14:33 Info Checking for definition update
6/3/2025 14:34 Error Unable to reach update server
6/3/2025 14:35 Info Scan type = full
6/3/2025 14:36 Info Scan start
6/3/2025 14:37 Info Scanning system files
6/3/2025 14:37 Warn File svch0st.exe match heuristic pattern 0c09488c08d0f3k
6/3/2025 14:37 Error Unable to quarantine file svch0st.exe
6/3/2025 14:38 Info Scanning temporary files
6/3/2025 14:39 Info Scanning services
6/3/2025 14:40 Info Scanning boot sector
6/3/2025 14:41 Info Scan complete
6/3/2025 14:42 Info Files removed: 0
6/3/2025 14:43 Info Files quarantined: 0
6/3/2025 14:43 Warn File quarantine file
6/3/2025 14:44 Info Boot sector: clean
6/3/2025 14:45 Info Next scheduled scan: 6/4/2025 14:30
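The antivirus logs above all share one entry shape, "date time level message", and the exported text runs the entries together on a single line. The Python below is an added worked example, not part of the exercise material: it splits a flattened log back into entries, then reduces each host's entries to a verdict using only the message shapes that actually occur in these logs (signature match, heuristic match, quarantine success or failure, scheduled scan or update disabled by a process, update server unreachable). The verdict strings and their ordering are my own choices; the sample input is an abbreviated excerpt of three of the logs above.

```python
import re

# One AV entry: "M/D/YYYY H:MM Level message". The exported logs run all
# entries together on one line, so split at each timestamp+level boundary.
ENTRY = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}) (Info|Warn|Error) (.*?)"
    r"(?=\s\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} (?:Info|Warn|Error)\b|\s*$)",
    re.S,
)

# Message shapes that appear in the logs on this page; anything else is ignored.
SIGNATURE = re.compile(r"^File found (\S+) match definition (\S+)")
HEURISTIC = re.compile(r"^File (\S+) match heuristic pattern (\S+)")
QUARANTINED = re.compile(r"^File quarantined (\S+)")
NOT_QUARANTINED = re.compile(r"^Unable to quarantine file (\S+)")
DISABLED = re.compile(r"^Scheduled (?:scan|update) disabled by process (\S+)")
UPDATE_FAILED = "Unable to reach update server"


def parse_av_log(text):
    """Return [(timestamp, level, message), ...] from a flattened AV log."""
    return [(ts, lvl, msg.strip()) for ts, lvl, msg in ENTRY.findall(text)]


def triage_host(entries):
    """Reduce one host's entries to a verdict plus the facts behind it."""
    facts = {"detected": set(), "method": set(), "quarantined": set(),
             "uncontained": set(), "tampered_by": set(), "update_failed": False}
    for _ts, _lvl, msg in entries:
        if m := SIGNATURE.match(msg):
            facts["detected"].add(m.group(1))
            facts["method"].add("signature")
        elif m := HEURISTIC.match(msg):
            facts["detected"].add(m.group(1))
            facts["method"].add("heuristic")
        elif m := QUARANTINED.match(msg):
            facts["quarantined"].add(m.group(1))
        elif m := NOT_QUARANTINED.match(msg):
            facts["uncontained"].add(m.group(1))
        elif m := DISABLED.match(msg):
            facts["tampered_by"].add(m.group(1))
        elif msg.startswith(UPDATE_FAILED):
            facts["update_failed"] = True
    # Most severe condition wins: a process switching the scanner off, or a
    # detection the scanner could not contain, both mean the file is still live.
    if facts["tampered_by"]:
        verdict = "infected: AV disabled by " + ", ".join(sorted(facts["tampered_by"]))
    elif facts["uncontained"]:
        verdict = "infected: detected but not contained"
    elif facts["quarantined"]:
        verdict = "remediated: quarantined"
    elif facts["detected"]:
        verdict = "detected: containment unknown"
    else:
        verdict = "clean: no detections"
    return verdict, facts


def triage_all(logs):
    """logs: {host: flattened log text} -> {host: (verdict, facts)}."""
    return {host: triage_host(parse_av_log(text)) for host, text in logs.items()}


# Abbreviated excerpts of three of the logs on this page (constructed sample input).
SAMPLE_LOGS = {
    "10.20.2.15": (
        "6/3/2025 14:30 Info Scheduled scan initiated "
        "6/3/2025 14:34 Info Update available v10.2.3.4440 "
        "6/3/2025 14:37 Warn File found svch0st.exe match definition v10.2.3.4440 "
        "6/3/2025 14:37 Warn File quarantined svch0st.exe "
        "6/3/2025 14:43 Info Files quarantined: 1 "
        "6/3/2025 14:45 Info Next scheduled scan: 6/4/2025 14:30"
    ),
    "10.20.2.25": (
        "6/3/2025 14:30 Info Scheduled scan initiated "
        "6/3/2025 14:34 Error Unable to reach update server "
        "6/3/2025 14:37 Warn File svch0st.exe match heuristic pattern 0c09488c08d0f3k "
        "6/3/2025 14:37 Error Unable to quarantine file svch0st.exe "
        "6/3/2025 14:43 Info Files quarantined: 0 "
        "6/3/2025 14:43 Warn File quarantine file"
    ),
    "192.168.30.15": (
        "6/2/2025 14:30 Info Scheduled scan initiated "
        "6/2/2025 14:41 Info Scan complete "
        "6/2/2025 14:45 Info Next scheduled scan: 6/3/2025 14:30 "
        "6/3/2025 2:31 Warn Scheduled scan disabled by process svch0st.exe "
        "6/3/2025 2:32 Warn Scheduled update disabled by process svch0st.exe"
    ),
}

if __name__ == "__main__":
    for host, (verdict, facts) in triage_all(SAMPLE_LOGS).items():
        print(f"{host:15} {verdict}  method={sorted(facts['method'])}")
```

Two points the verdicts make visible. A host whose scheduler was disabled never runs the next scan, so the absence of Warn lines after that point is not evidence that it is clean; the script ranks tampering above everything else for that reason. And a host that could not reach the update server only has the older heuristic pattern to work with, which is why its detection carries a pattern id rather than a definition version; whether that explains the failed quarantine is for the analyst to decide, the script only surfaces both facts side by side.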

Firewall Log

Timestamp           Source          Destination     Dst port  Application  Action  Bytes (client/server)
6/2/2025 16:01:44   10.20.2.25      57.203.54.183   443       ssl          Permit  6953/99427
6/2/2025 16:01:58   192.168.30.25   57.203.54.221   443       ssl          Permit  9301/199386
6/2/2025 16:17:06   192.168.30.15   10.20.2.15      135       rpc          Permit  175/1504
6/2/2025 16:27:36   192.168.30.35   10.20.2.15      445       smbv1        Permit  345/34757
6/2/2025 16:28:06   10.20.2.15      192.168.30.35   135       rpc          Permit  754/4771
6/2/2025 16:28:16   10.20.2.25      192.168.30.15   135       rpc          Permit  643/2355
6/2/2025 16:35:30   192.168.30.25   10.20.2.15      135       smbv2        Permit  649/5644
6/2/2025 23:58:36   10.20.2.15      192.168.30.35             ICMP         Permit  128/128
6/2/2025 23:58:36   10.20.2.15      192.168.30.15             ICMP         Permit  128/128
6/2/2025 23:58:36   10.20.2.15      192.168.30.25             ICMP         Permit  128/128
6/2/2025 23:58:45   10.20.2.25      192.168.30.35   445       smbv2        Permit  1874/23874
6/3/2025 2:31:45    192.168.30.15   57.203.55.29    8080      http         Permit  7203/75997
6/3/2025 2:31:51    10.20.2.25      57.203.56.201   443       ssl          Permit  9953/199730
6/3/2025 2:31:02    192.168.30.25   57.203.55.234   443       ssl          Permit  4937/94937
6/3/2025 2:32:02    192.168.30.35   57.203.55.29    8080      http         Permit  4937/84937
6/3/2025 2:38:12    10.20.2.25      57.203.55.19    8080      ssl          Permit  1284/9102854
6/3/2025 2:38:11    192.168.30.25   57.203.53.89    443       ssl          Permit  9341/9938
6/3/2025 13:38:36   192.168.30.15   10.20.2.25      445       smbv3        Permit  1874/23874
6/3/2025 13:38:43   192.168.30.15   10.20.2.25      135       rpc          Permit  673/41358
6/3/2025 13:39:00   10.20.2.15      192.168.30.35   135       rpc          Permit  545/9063
6/3/2025 13:39:14   10.20.2.25      192.168.30.15   445       smbv3        Permit  482/3505
6/3/2025 13:52:57   192.168.30.25   10.20.2.15      135       rpc          Permit  876/8068
6/3/2025 14:00:04   10.20.2.15      57.203.56.231   443       ssl          Permit  9901/199730
6/3/2025 14:30:04   192.168.30.25   57.203.56.143   443       ssl          Permit  10092/209938
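The firewall table is where the AV verdicts get their timeline: who touched whom first, who swept the subnet, and which sessions look nothing like the application label claims. The Python below is an added worked example, not part of the exercise material. It parses records in the export format shown above (ICMP rows carry no destination port, and rows are not strictly in time order, so it sorts them) and extracts the patterns an analyst would pull out by hand: ICMP sweeps from one source, application/port mismatches, legacy SMBv1 sessions, each host's earliest internal-to-internal contact, and the largest inbound transfer from the outside. The expected-port map, the sweep threshold and window, and the "internal means RFC 1918" rule are my assumptions; the sample input is a subset of the rows above.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One record: "M/D/YYYY H:MM:SS src dst [port] app action client/server".
# The port group is optional because ICMP rows in this export have none.
ROW = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}) (\S+) (\S+) (?:(\d+) )?"
    r"(\S+) (Permit|Deny) (\d+)/(\d+)"
)
# Port each application label is expected on (assumption); anything else is flagged.
EXPECTED_PORT = {"ssl": 443, "http": 80, "rpc": 135,
                 "smbv1": 445, "smbv2": 445, "smbv3": 445}


def parse_firewall_log(text):
    """Parse the export into flow dicts, sorted by timestamp."""
    flows = []
    for ts, src, dst, port, app, action, c, s in ROW.findall(text):
        flows.append({
            "ts": datetime.strptime(ts, "%m/%d/%Y %H:%M:%S"),
            "src": src, "dst": dst,
            "port": int(port) if port else None,
            "app": app.lower(), "action": action,
            "client_bytes": int(c), "server_bytes": int(s),
        })
    return sorted(flows, key=lambda f: f["ts"])


def is_internal(ip):
    # Assumption: anything in an RFC 1918 range is one of our hosts.
    return ipaddress.ip_address(ip).is_private


def icmp_sweeps(flows, min_targets=3, window=timedelta(minutes=1)):
    """Sources that ICMP-probed at least min_targets distinct hosts within window."""
    by_src = defaultdict(list)
    for f in flows:
        if f["app"] == "icmp":
            by_src[f["src"]].append(f)
    sweeps = {}
    for src, probes in by_src.items():          # probes are already time-ordered
        for i, first in enumerate(probes):
            targets = {p["dst"] for p in probes[i:] if p["ts"] - first["ts"] <= window}
            if len(targets) >= min_targets:
                sweeps[src] = targets
                break
    return sweeps


def port_app_mismatches(flows):
    """Flows whose application label does not match the port they used."""
    return [(f["src"], f["dst"], f["port"], f["app"]) for f in flows
            if f["port"] is not None
            and EXPECTED_PORT.get(f["app"]) not in (None, f["port"])]


def legacy_protocol_flows(flows, legacy=("smbv1",)):
    """Sessions over protocols that should not be on the wire at all."""
    return [(f["src"], f["dst"]) for f in flows if f["app"] in legacy]


def first_lateral_contact(flows):
    """Earliest internal->internal flow per source, ordered by time."""
    first = {}
    for f in flows:
        if is_internal(f["src"]) and is_internal(f["dst"]) and f["src"] not in first:
            first[f["src"]] = (f["ts"], f["dst"], f["port"], f["app"])
    return dict(sorted(first.items(), key=lambda kv: kv[1][0]))


def largest_download(flows):
    """Internal->external session with the most bytes sent back by the server."""
    ext = [f for f in flows if is_internal(f["src"]) and not is_internal(f["dst"])]
    f = max(ext, key=lambda f: f["server_bytes"])
    return f["src"], f["dst"], f["server_bytes"]


def summarize(text):
    flows = parse_firewall_log(text)
    return {
        "icmp_sweeps": icmp_sweeps(flows),
        "port_app_mismatches": port_app_mismatches(flows),
        "legacy_protocols": legacy_protocol_flows(flows),
        "first_lateral_contact": first_lateral_contact(flows),
        "largest_download": largest_download(flows),
    }


# Subset of the firewall rows on this page (constructed sample input, one row per line).
SAMPLE_FW = """
6/2/2025 16:01:44 10.20.2.25 57.203.54.183 443 ssl Permit 6953/99427
6/2/2025 16:17:06 192.168.30.15 10.20.2.15 135 rpc Permit 175/1504
6/2/2025 16:27:36 192.168.30.35 10.20.2.15 445 smbv1 Permit 345/34757
6/2/2025 16:35:30 192.168.30.25 10.20.2.15 135 smbv2 Permit 649/5644
6/2/2025 23:58:36 10.20.2.15 192.168.30.35 ICMP Permit 128/128
6/2/2025 23:58:36 10.20.2.15 192.168.30.15 ICMP Permit 128/128
6/2/2025 23:58:36 10.20.2.15 192.168.30.25 ICMP Permit 128/128
6/3/2025 2:31:45 192.168.30.15 57.203.55.29 8080 http Permit 7203/75997
6/3/2025 2:38:12 10.20.2.25 57.203.55.19 8080 ssl Permit 1284/9102854
6/3/2025 2:38:11 192.168.30.25 57.203.53.89 443 ssl Permit 9341/9938
6/3/2025 13:38:36 192.168.30.15 10.20.2.25 445 smbv3 Permit 1874/23874
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FW).items():
        print(key, value)
```

The parser accepts the flattened single-line export as well as one row per line, since it scans the whole text for records rather than splitting on newlines. Each finding is evidence, not a verdict: the first host to initiate internal-to-internal traffic is a candidate for the origin only when that ordering agrees with the endpoint logs, and a port/application mismatch on a permitted session is a reason to pull the session, not proof of command-and-control. Pair the output with the AV triage before deciding which hosts are origin, infected, and clean.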