Linux Analysis Report
VC3SWrkssz

Overview

General Information

Sample Name:VC3SWrkssz
Analysis ID:626433
MD5:981e959599e29b1d9a2968bbf6387bae
SHA1:258686ffea44f41925fd5af6724e69b241079013
SHA256:dc80f285f9f5077f475dbbb184dbcfbbd32f55c2a15bb80dd04bd1ebf7468978
Tags:32 elf mips mirai
Infos:

Detection

Mirai
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626433
Start date and time: 2022-05-14 02:03:07 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 23s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:VC3SWrkssz
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal92.spre.troj.evad.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: http://103.136.43.52/bins/Tsunami.x86
Command:/tmp/VC3SWrkssz
PID:6223
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
kebabware installed
Standard Error:
  • system is lnxubuntu20
  • VC3SWrkssz (PID: 6223, Parent: 6121, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/VC3SWrkssz
  • sh (PID: 6281, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • rm (PID: 6311, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
  • cleanup
Source:VC3SWrkssz
Rule:SUSP_ELF_LNX_UPX_Compressed_File
Description:Detects a suspicious ELF binary with UPX compression
Author:Florian Roth
Strings:
  • 0x85d0:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0x863f:$s2: $Id: UPX
  • 0x85f0:$s3: $Info: This file is packed with the UPX executable packer

Source:6228.1.000000008254e41a.0000000043337d44.rw-.sdmp
Rule:SUSP_XORed_Mozilla
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author:Florian Roth
Strings:
  • 0x14f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source:6223.1.000000008254e41a.0000000043337d44.rw-.sdmp
Rule:SUSP_XORed_Mozilla
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author:Florian Roth
Strings:
  • 0x14f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source:6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp
Rule:SUSP_XORed_Mozilla
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author:Florian Roth
Strings:
  • 0x21d60:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x21dbc:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x21e58:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source:6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp
Rule:MAL_ELF_LNX_Mirai_Oct10_2
Description:Detects ELF malware Mirai related
Author:Florian Roth
Strings:
  • 0x20fe0:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A

Source:6223.1.0000000051b72c78.000000009a6fa781.r-x.sdmp
Rule:JoeSecurity_Mirai_5
Description:Yara detected Mirai
Author:Joe Security