Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
qJlf2SjoW4

Overview

General Information

Sample Name:qJlf2SjoW4
Analysis ID:626436
MD5:e584f83cd9c878432f7b464ffd70b162
SHA1:1f8ff3ba2051f76fc89641dfba00af74e15ad72a
SHA256:b588d161f6930e582cfd72687ac7d9cf3e1a4884c49a2ca61163d40b2228d491
Tags:32elfmirairenesas
Infos:

Detection

Mirai
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Connects to many ports of the same IP (likely port scanning)
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample has stripped symbol table
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626436
Start date and time: 14/05/202202:10:582022-05-14 02:10:58 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 28s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:qJlf2SjoW4
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal92.spre.troj.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: http://103.136.43.52/bins/Tsunami.x86
Command:/tmp/qJlf2SjoW4
PID:6232
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
kebabware installed
Standard Error:
  • system is lnxubuntu20
  • qJlf2SjoW4 (PID: 6232, Parent: 6122, MD5: 8943e5f8f8c280467b4472c15ae93ba9) Arguments: /tmp/qJlf2SjoW4
  • sh (PID: 6289, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • rm (PID: 6319, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
  • cleanup
SourceRuleDescriptionAuthorStrings
qJlf2SjoW4SUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
  • 0x113e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x11444:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x114e0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
qJlf2SjoW4MAL_ELF_LNX_Mirai_Oct10_2Detects ELF malware Mirai relatedFlorian Roth
  • 0x1068c:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
qJlf2SjoW4JoeSecurity_Mirai_5Yara detected MiraiJoe Security
    qJlf2SjoW4JoeSecurity_Mirai_8Yara detected MiraiJoe Security
      SourceRuleDescriptionAuthorStrings
      6232.1.0000000085a0537c.000000003b1b2593.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
      • 0x4f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      • 0x560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      • 0x620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      6236.1.0000000085a0537c.000000003b1b2593.rw-.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
      • 0x4f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      • 0x560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      • 0x620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      6232.1.000000005174e606.000000008584956c.r-x.sdmpSUSP_XORed_MozillaDetects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.Florian Roth
      • 0x113e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      • 0x11444:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      • 0x114e0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
      6232.1.000000005174e606.000000008584956c.r-x.sdmpMAL_ELF_LNX_Mirai_Oct10_2Detects ELF malware Mirai relatedFlorian Roth
      • 0x1068c:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
      6232.1.000000005174e606.000000008584956c.r-x.sdmpJoeSecurity_Mirai_5Yara detected MiraiJoe Security
        Click to see the 5 entries
        Timestamp:192.168.2.2395.58.74.1040992802027121 05/14/22-02:12:12.430631
        SID:2027121
        Source Port:40992
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23112.199.99.10646420802027121 05/14/22-02:11:57.622916
        SID:2027121
        Source Port:46420
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.168.221.10733586802027121 05/14/22-02:12:03.534733
        SID:2027121
        Source Port:33586
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.166.177.10143818802027121 05/14/22-02:13:00.629220
        SID:2027121
        Source Port:43818
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.34.12649972802027121 05/14/22-02:12:08.603488
        SID:2027121
        Source Port:49972
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.94.17943008802027121 05/14/22-02:12:47.773346
        SID:2027121
        Source Port:43008
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.97.118.8352268802027121 05/14/22-02:13:23.496514
        SID:2027121
        Source Port:52268
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.217.218.15945052802027121 05/14/22-02:12:01.397227
        SID:2027121
        Source Port:45052
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.216.95.11347718802027121 05/14/22-02:11:52.570414
        SID:2027121
        Source Port:47718
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.81.184.18459202555552027153 05/14/22-02:13:37.089436
        SID:2027153
        Source Port:59202
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23156.226.67.16341018528692027339 05/14/22-02:12:09.245036
        SID:2027339
        Source Port:41018
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.78.119.7247502802027121 05/14/22-02:11:52.607486
        SID:2027121
        Source Port:47502
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.118.20437132802027121 05/14/22-02:11:52.802504
        SID:2027121
        Source Port:37132
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.58.76.9256110802027121 05/14/22-02:12:10.137372
        SID:2027121
        Source Port:56110
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.32.17844078802027121 05/14/22-02:12:38.576645
        SID:2027121
        Source Port:44078
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.245.91.21846486555552027153 05/14/22-02:11:53.481665
        SID:2027153
        Source Port:46486
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.101.211.18138602802027121 05/14/22-02:11:46.055471
        SID:2027121
        Source Port:38602
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.250.7.20843406528692027339 05/14/22-02:12:44.093160
        SID:2027339
        Source Port:43406
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.211.199.20060430802027121 05/14/22-02:11:50.384445
        SID:2027121
        Source Port:60430
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.240.107.7347070528692027339 05/14/22-02:12:25.163577
        SID:2027339
        Source Port:47070
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.182.21341474555552027153 05/14/22-02:12:39.507650
        SID:2027153
        Source Port:41474
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23156.244.105.5134840528692027339 05/14/22-02:13:21.351383
        SID:2027339
        Source Port:34840
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.243.19935434802027121 05/14/22-02:12:04.777246
        SID:2027121
        Source Port:35434
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.245.250.17236862555552027153 05/14/22-02:12:19.660814
        SID:2027153
        Source Port:36862
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.211.226.13853290802027121 05/14/22-02:11:52.555956
        SID:2027121
        Source Port:53290
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.43.238.15338478802027121 05/14/22-02:12:01.401310
        SID:2027121
        Source Port:38478
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.37.25050424555552027153 05/14/22-02:12:56.874950
        SID:2027153
        Source Port:50424
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.213.204.3958836802027121 05/14/22-02:12:23.962062
        SID:2027121
        Source Port:58836
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.181.133.20233726802027121 05/14/22-02:12:16.233664
        SID:2027121
        Source Port:33726
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.57.130.22852484802027121 05/14/22-02:12:28.116329
        SID:2027121
        Source Port:52484
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.216.222.1047996802027121 05/14/22-02:12:06.989256
        SID:2027121
        Source Port:47996
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.122.230.16741686802027121 05/14/22-02:13:08.893196
        SID:2027121
        Source Port:41686
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.150.159.10657996802027121 05/14/22-02:12:39.841136
        SID:2027121
        Source Port:57996
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.235.111.19833534528692027339 05/14/22-02:13:20.938260
        SID:2027339
        Source Port:33534
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.24.9855186555552027153 05/14/22-02:12:20.938724
        SID:2027153
        Source Port:55186
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.179.134.1036172802027121 05/14/22-02:12:25.912986
        SID:2027121
        Source Port:36172
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.105.3756502802027121 05/14/22-02:12:16.074396
        SID:2027121
        Source Port:56502
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.164.218.8357352802027121 05/14/22-02:12:33.749896
        SID:2027121
        Source Port:57352
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.159.26.3544678802027121 05/14/22-02:12:23.922852
        SID:2027121
        Source Port:44678
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.235.96.9045400528692027339 05/14/22-02:12:34.950230
        SID:2027339
        Source Port:45400
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.217.206.17745218802027121 05/14/22-02:12:04.810301
        SID:2027121
        Source Port:45218
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.49.177.24935962802027121 05/14/22-02:13:40.811485
        SID:2027121
        Source Port:35962
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.131.158.15946656802027121 05/14/22-02:12:31.381907
        SID:2027121
        Source Port:46656
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.201.24153716555552027153 05/14/22-02:12:16.062221
        SID:2027153
        Source Port:53716
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.100.82.23444534802027121 05/14/22-02:12:12.340577
        SID:2027121
        Source Port:44534
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.118.14737452555552027153 05/14/22-02:11:50.031237
        SID:2027153
        Source Port:37452
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.57.134.4659286802027121 05/14/22-02:12:48.996838
        SID:2027121
        Source Port:59286
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.172.4134814555552027153 05/14/22-02:13:11.806884
        SID:2027153
        Source Port:34814
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23172.65.210.22942204555552027153 05/14/22-02:12:18.507816
        SID:2027153
        Source Port:42204
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.94.218.4357504802027121 05/14/22-02:11:57.972753
        SID:2027121
        Source Port:57504
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.154.249.12134130802027121 05/14/22-02:12:45.473782
        SID:2027121
        Source Port:34130
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.128.24559816555552027153 05/14/22-02:13:11.806767
        SID:2027153
        Source Port:59816
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.101.96.5152158802027121 05/14/22-02:13:29.557034
        SID:2027121
        Source Port:52158
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.203.246.6251484802027121 05/14/22-02:12:51.238182
        SID:2027121
        Source Port:51484
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.90.162.18347524802027121 05/14/22-02:12:04.810631
        SID:2027121
        Source Port:47524
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.239.27.7847704802027121 05/14/22-02:13:06.625005
        SID:2027121
        Source Port:47704
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.205.7053328802027121 05/14/22-02:12:03.636693
        SID:2027121
        Source Port:53328
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.151.7759744555552027153 05/14/22-02:11:51.219344
        SID:2027153
        Source Port:59744
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.100.59.12043352802027121 05/14/22-02:11:45.945989
        SID:2027121
        Source Port:43352
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.153.17343894555552027153 05/14/22-02:13:39.296017
        SID:2027153
        Source Port:43894
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.164.217.3256864802027121 05/14/22-02:12:21.706568
        SID:2027121
        Source Port:56864
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.209.130.24155784802027121 05/14/22-02:12:28.187173
        SID:2027121
        Source Port:55784
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.210.164.5859344802027121 05/14/22-02:13:46.124204
        SID:2027121
        Source Port:59344
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.250.15159336555552027153 05/14/22-02:13:19.724871
        SID:2027153
        Source Port:59336
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.216.165.11859550802027121 05/14/22-02:12:33.730744
        SID:2027121
        Source Port:59550
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.229.119.8750144802027121 05/14/22-02:12:16.135372
        SID:2027121
        Source Port:50144
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.174.97.23347994802027121 05/14/22-02:13:32.979753
        SID:2027121
        Source Port:47994
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.58.79.12560124802027121 05/14/22-02:12:23.981113
        SID:2027121
        Source Port:60124
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.167.20434184555552027153 05/14/22-02:13:44.962414
        SID:2027153
        Source Port:34184
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.80.201.23847450802027121 05/14/22-02:12:16.046839
        SID:2027121
        Source Port:47450
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.159.51.7337054802027121 05/14/22-02:12:08.430878
        SID:2027121
        Source Port:37054
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.241.123.15756836528692027339 05/14/22-02:12:54.094946
        SID:2027339
        Source Port:56836
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.141.200.19460076802027121 05/14/22-02:12:21.758371
        SID:2027121
        Source Port:60076
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.185.5038634802027121 05/14/22-02:12:38.371591
        SID:2027121
        Source Port:38634
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.241.84.24033824528692027339 05/14/22-02:12:28.673321
        SID:2027339
        Source Port:33824
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.179.143.20351242802027121 05/14/22-02:12:18.506552
        SID:2027121
        Source Port:51242
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.0.30.5660942802027121 05/14/22-02:13:00.841883
        SID:2027121
        Source Port:60942
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.86.72.5855354802027121 05/14/22-02:13:14.880883
        SID:2027121
        Source Port:55354
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.97.138.22648964802027121 05/14/22-02:12:57.594704
        SID:2027121
        Source Port:48964
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.104.20234854555552027153 05/14/22-02:13:36.964682
        SID:2027153
        Source Port:34854
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23172.65.219.16846204555552027153 05/14/22-02:13:08.554661
        SID:2027153
        Source Port:46204
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2388.87.173.19839632802027121 05/14/22-02:13:19.388360
        SID:2027121
        Source Port:39632
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.81.184.18459304555552027153 05/14/22-02:13:40.473105
        SID:2027153
        Source Port:59304
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.77.28.15555294802027121 05/14/22-02:13:20.332969
        SID:2027121
        Source Port:55294
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.254.15633828555552027153 05/14/22-02:12:11.570207
        SID:2027153
        Source Port:33828
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.217.158.13150124802027121 05/14/22-02:12:16.061650
        SID:2027121
        Source Port:50124
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.114.9144870555552027153 05/14/22-02:12:34.796192
        SID:2027153
        Source Port:44870
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23184.105.8.21455800555552027153 05/14/22-02:12:52.633661
        SID:2027153
        Source Port:55800
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.101.44.24046514802027121 05/14/22-02:12:38.385188
        SID:2027121
        Source Port:46514
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.47.138.16839922802027121 05/14/22-02:12:47.737611
        SID:2027121
        Source Port:39922
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.209.147.14345778802027121 05/14/22-02:12:52.880233
        SID:2027121
        Source Port:45778
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.6.16650622802027121 05/14/22-02:12:38.425801
        SID:2027121
        Source Port:50622
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.247.30.22451048528692027339 05/14/22-02:12:53.901304
        SID:2027339
        Source Port:51048
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.178.8946468802027121 05/14/22-02:11:57.639904
        SID:2027121
        Source Port:46468
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23197.244.233.15040306372152835222 05/14/22-02:11:51.051598
        SID:2835222
        Source Port:40306
        Destination Port:37215
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.65.107.22051454802027121 05/14/22-02:11:55.090650
        SID:2027121
        Source Port:51454
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.90.100.20642786802027121 05/14/22-02:13:06.577911
        SID:2027121
        Source Port:42786
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.250.235.4243474802027121 05/14/22-02:11:52.862391
        SID:2027121
        Source Port:43474
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.61.201.12438168802027121 05/14/22-02:13:04.224191
        SID:2027121
        Source Port:38168
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.249.225.1853758802027121 05/14/22-02:13:19.402088
        SID:2027121
        Source Port:53758
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.245.25.10652588555552027153 05/14/22-02:13:19.821621
        SID:2027153
        Source Port:52588
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.216.103.12651132802027121 05/14/22-02:12:00.196178
        SID:2027121
        Source Port:51132
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.143.57.7852982802027121 05/14/22-02:12:04.729513
        SID:2027121
        Source Port:52982
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.244.70.10233740528692027339 05/14/22-02:13:13.435280
        SID:2027339
        Source Port:33740
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.59.176.8254556802027121 05/14/22-02:13:33.021265
        SID:2027121
        Source Port:54556
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.1.5849178802027121 05/14/22-02:11:48.348956
        SID:2027121
        Source Port:49178
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.214.135.17752978802027121 05/14/22-02:12:04.793804
        SID:2027121
        Source Port:52978
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.46.19543134802027121 05/14/22-02:12:13.698098
        SID:2027121
        Source Port:43134
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.216.173.24048368802027121 05/14/22-02:12:21.633415
        SID:2027121
        Source Port:48368
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.241.182.14738286802027121 05/14/22-02:13:29.655470
        SID:2027121
        Source Port:38286
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.168.228.20548254802027121 05/14/22-02:12:12.332916
        SID:2027121
        Source Port:48254
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.127.3248576555552027153 05/14/22-02:12:11.570325
        SID:2027153
        Source Port:48576
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23197.246.204.4543450372152835222 05/14/22-02:12:18.232296
        SID:2835222
        Source Port:43450
        Destination Port:37215
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.246.12360432555552027153 05/14/22-02:13:32.017204
        SID:2027153
        Source Port:60432
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.100.34.12649942802027121 05/14/22-02:12:08.354729
        SID:2027121
        Source Port:49942
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.187.18739546555552027153 05/14/22-02:12:18.490698
        SID:2027153
        Source Port:39546
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.217.202.21857140802027121 05/14/22-02:12:33.688142
        SID:2027121
        Source Port:57140
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.244.117.6735262528692027339 05/14/22-02:13:29.101550
        SID:2027339
        Source Port:35262
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.9.132.13054534802027121 05/14/22-02:12:09.942371
        SID:2027121
        Source Port:54534
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.207.17255164555552027153 05/14/22-02:12:51.455000
        SID:2027153
        Source Port:55164
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23156.235.102.24651258528692027339 05/14/22-02:12:57.282371
        SID:2027339
        Source Port:51258
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.165.8142906555552027153 05/14/22-02:12:20.938959
        SID:2027153
        Source Port:42906
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23172.65.220.23039706555552027153 05/14/22-02:13:40.490274
        SID:2027153
        Source Port:39706
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.211.206.8055016802027121 05/14/22-02:12:21.658731
        SID:2027121
        Source Port:55016
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.59.17.5441456802027121 05/14/22-02:12:57.823951
        SID:2027121
        Source Port:41456
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.76.246.19645190802027121 05/14/22-02:12:09.885059
        SID:2027121
        Source Port:45190
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.209.155.9051672802027121 05/14/22-02:11:50.439816
        SID:2027121
        Source Port:51672
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.232.20460168555552027153 05/14/22-02:13:25.199760
        SID:2027153
        Source Port:60168
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.100.77.14644630802027121 05/14/22-02:12:01.373432
        SID:2027121
        Source Port:44630
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.31.22744132555552027153 05/14/22-02:11:53.487585
        SID:2027153
        Source Port:44132
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.57.72.060930802027121 05/14/22-02:12:48.985965
        SID:2027121
        Source Port:60930
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.45.15553358802027121 05/14/22-02:12:04.731576
        SID:2027121
        Source Port:53358
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.87.101.10137896802027121 05/14/22-02:12:09.913804
        SID:2027121
        Source Port:37896
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.128.23660108802027121 05/14/22-02:13:28.455410
        SID:2027121
        Source Port:60108
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.142.205.9451290802027121 05/14/22-02:11:46.047218
        SID:2027121
        Source Port:51290
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.193.167.16734318802027121 05/14/22-02:13:46.134686
        SID:2027121
        Source Port:34318
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.70.197.19856656802027121 05/14/22-02:12:31.405561
        SID:2027121
        Source Port:56656
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.164.5346232555552027153 05/14/22-02:13:23.081529
        SID:2027153
        Source Port:46232
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.225.205.13049890802027121 05/14/22-02:12:04.853611
        SID:2027121
        Source Port:49890
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.50.13952924802027121 05/14/22-02:12:08.365983
        SID:2027121
        Source Port:52924
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.241.125.9145474528692027339 05/14/22-02:12:41.657241
        SID:2027339
        Source Port:45474
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.9.125.14353942802027121 05/14/22-02:12:13.735890
        SID:2027121
        Source Port:53942
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.232.92.24755310528692027339 05/14/22-02:12:25.129479
        SID:2027339
        Source Port:55310
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.90.154.22936880802027121 05/14/22-02:12:12.602828
        SID:2027121
        Source Port:36880
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.216.15.13056598802027121 05/14/22-02:12:21.676533
        SID:2027121
        Source Port:56598
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.142.10.21251574802027121 05/14/22-02:12:25.898635
        SID:2027121
        Source Port:51574
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.110.175.2748086802027121 05/14/22-02:11:50.439638
        SID:2027121
        Source Port:48086
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.216.36.21353936802027121 05/14/22-02:12:03.575828
        SID:2027121
        Source Port:53936
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.218.17560614802027121 05/14/22-02:12:33.782516
        SID:2027121
        Source Port:60614
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.140.158.2838122802027121 05/14/22-02:11:46.150628
        SID:2027121
        Source Port:38122
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.163.132.2455816802027121 05/14/22-02:11:52.586510
        SID:2027121
        Source Port:55816
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.206.17358940555552027153 05/14/22-02:12:01.300119
        SID:2027153
        Source Port:58940
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23172.65.177.13744728555552027153 05/14/22-02:13:32.012600
        SID:2027153
        Source Port:44728
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.179.233.6956756802027121 05/14/22-02:11:48.288985
        SID:2027121
        Source Port:56756
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.2.844980555552027153 05/14/22-02:12:11.570145
        SID:2027153
        Source Port:44980
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.23172.65.117.6952368555552027153 05/14/22-02:13:43.822344
        SID:2027153
        Source Port:52368
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.159.7.4138836802027121 05/14/22-02:11:52.872714
        SID:2027121
        Source Port:38836
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.89.23448884555552027153 05/14/22-02:12:00.125203
        SID:2027153
        Source Port:48884
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.57.98.21044138802027121 05/14/22-02:13:14.994328
        SID:2027121
        Source Port:44138
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.110.232.9756464802027121 05/14/22-02:11:55.012285
        SID:2027121
        Source Port:56464
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.8.72.19347014802027121 05/14/22-02:11:55.040749
        SID:2027121
        Source Port:47014
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.47.97.7036228802027121 05/14/22-02:12:03.534557
        SID:2027121
        Source Port:36228
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.37.24335642555552027153 05/14/22-02:12:06.228008
        SID:2027153
        Source Port:35642
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.182.120.23638966802027121 05/14/22-02:11:50.412772
        SID:2027121
        Source Port:38966
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.10.053968555552027153 05/14/22-02:12:11.587321
        SID:2027153
        Source Port:53968
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.154.112.12243126802027121 05/14/22-02:12:24.008186
        SID:2027121
        Source Port:43126
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.203.4046200802027121 05/14/22-02:12:36.296341
        SID:2027121
        Source Port:46200
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.99.143.5535064802027121 05/14/22-02:12:39.835523
        SID:2027121
        Source Port:35064
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.134.255.2857518802027121 05/14/22-02:11:48.410937
        SID:2027121
        Source Port:57518
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.226.106.12749420528692027339 05/14/22-02:12:59.756210
        SID:2027339
        Source Port:49420
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23156.241.77.21936828528692027339 05/14/22-02:12:37.410964
        SID:2027339
        Source Port:36828
        Destination Port:52869
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2388.147.125.1157218802027121 05/14/22-02:12:43.278898
        SID:2027121
        Source Port:57218
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.159.31.9139228802027121 05/14/22-02:12:57.701159
        SID:2027121
        Source Port:39228
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.33.10038818802027121 05/14/22-02:11:52.573122
        SID:2027121
        Source Port:38818
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.100.154.14133290802027121 05/14/22-02:11:55.048182
        SID:2027121
        Source Port:33290
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.181.216.18039938802027121 05/14/22-02:12:08.396424
        SID:2027121
        Source Port:39938
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.239.20157596555552027153 05/14/22-02:12:36.880675
        SID:2027153
        Source Port:57596
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain
        Timestamp:192.168.2.2395.58.3.1548388802027121 05/14/22-02:13:22.563201
        SID:2027121
        Source Port:48388
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.57.255.13244390802027121 05/14/22-02:12:33.932176
        SID:2027121
        Source Port:44390
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.154.52.14257790802027121 05/14/22-02:13:00.782189
        SID:2027121
        Source Port:57790
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.101.95.17957846802027121 05/14/22-02:12:03.507219
        SID:2027121
        Source Port:57846
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.2395.140.153.15856040802027121 05/14/22-02:12:28.223713
        SID:2027121
        Source Port:56040
        Destination Port:80
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:192.168.2.23172.65.108.14133886555552027153 05/14/22-02:12:33.795226
        SID:2027153
        Source Port:33886
        Destination Port:55555
        Protocol:TCP
        Classtype:Attempted Administrator Privilege Gain