Linux Analysis Report
pjT3uuMrF1

Overview

General Information

Sample Name:pjT3uuMrF1
Analysis ID:626439
MD5:e8511d7655b6bb7a2e95a8a71945c87f
SHA1:0d946d9f597a16bead0e8df270902105fe3662af
SHA256:156bf5a274c0b19bb4941117a16e7c9be568d70c811199086145df079be80b36
Tags:32 arm elf mirai
Infos:

Detection

Mirai
Score:92
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample contains only a LOAD segment without any section mappings
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:626439
Start date and time:2022-05-14 02:18:53 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 26s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:pjT3uuMrF1
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal92.spre.troj.evad.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: http://103.136.43.52/bins/Tsunami.x86
Command:/tmp/pjT3uuMrF1
PID:6230
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
kebabware installed
Standard Error:
  • system is lnxubuntu20
  • pjT3uuMrF1 (PID: 6230, Parent: 6125, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/pjT3uuMrF1
  • sh (PID: 6287, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-print-notifications
  • rm (PID: 6317, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
  • cleanup
Source:pjT3uuMrF1
Rule:SUSP_ELF_LNX_UPX_Compressed_File
Description:Detects a suspicious ELF binary with UPX compression
Author:Florian Roth
Strings:
  • 0x807c:$s1: PROT_EXEC|PROT_WRITE failed.
  • 0x80eb:$s2: $Id: UPX
  • 0x809c:$s3: $Info: This file is packed with the UPX executable packer

Source:6234.1.0000000031c29fda.00000000517a471f.rw-.sdmp
Rule:SUSP_XORed_Mozilla
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author:Florian Roth
Strings:
  • 0x14f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source:6230.1.0000000031c29fda.00000000517a471f.rw-.sdmp
Rule:SUSP_XORed_Mozilla
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author:Florian Roth
Strings:
  • 0x14f0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1560:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x1620:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source:6230.1.000000003d1482af.00000000e83cf7de.r-x.sdmp
Rule:SUSP_XORed_Mozilla
Description:Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Author:Florian Roth
Strings:
  • 0x14028:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x14084:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x14120:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source:6230.1.000000003d1482af.00000000e83cf7de.r-x.sdmp
Rule:MAL_ELF_LNX_Mirai_Oct10_2
Description:Detects ELF malware Mirai related
Author:Florian Roth
Strings:
  • 0x132cc:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A

Source:6230.1.000000003d1482af.00000000e83cf7de.r-x.sdmp
Rule:JoeSecurity_Mirai_5
Description:Yara detected Mirai
Author:Joe Security