Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
4R66Cv0FvN

Overview

General Information

Sample Name:4R66Cv0FvN
Analysis ID:635088
MD5:1a7dc7e371dd56f9c4d817599a534050
SHA1:96f35b9dee1d4a27912c5589da6aa595be15c82e
SHA256:d3063711060e7645b34e5daf91137d8e4f8bac8bd91e3087678383d3e0ff17b3
Tags:32elfmiraimotorola
Infos:

Detection

Mirai
Score:72
Range:0 - 100
Whitelisted:false

Signatures

Yara detected Mirai
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Uses known network protocols on non-standard ports
Sample tries to kill multiple processes (SIGKILL)
Sample has stripped symbol table
HTTP GET or POST without a user agent
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might not execute correctly on this machine.
Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:635088
Start date and time: 27/05/202213:02:542022-05-27 13:02:54 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 7m 17s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:4R66Cv0FvN
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal72.spre.troj.lin@0/0@0/0
  • Report size exceeded maximum capacity and may have missing network information.
Command:/tmp/4R66Cv0FvN
PID:6226
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Infected By Cult
Standard Error:
  • system is lnxubuntu20
  • 4R66Cv0FvN (PID: 6226, Parent: 6121, MD5: cd177594338c77b895ae27c33f8f86cc) Arguments: /tmp/4R66Cv0FvN
  • cleanup
SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security
    Timestamp:192.168.2.23112.78.149.15556872802839471 05/27/22-13:04:20.602390
    SID:2839471
    Source Port:56872
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.181.211.24543264802839471 05/27/22-13:05:39.450028
    SID:2839471
    Source Port:43264
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.239.33.5235314802839471 05/27/22-13:05:39.448496
    SID:2839471
    Source Port:35314
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.150.171.12034138802839471 05/27/22-13:04:25.483580
    SID:2839471
    Source Port:34138
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.147.150.4437374802839471 05/27/22-13:05:56.529243
    SID:2839471
    Source Port:37374
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.158.8.21139560802839471 05/27/22-13:05:14.237720
    SID:2839471
    Source Port:39560
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.158.141.22045834802839471 05/27/22-13:04:08.194012
    SID:2839471
    Source Port:45834
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.135.207.16556904802839471 05/27/22-13:06:05.012803
    SID:2839471
    Source Port:56904
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.116.4450488802839471 05/27/22-13:05:21.570636
    SID:2839471
    Source Port:50488
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.184.21648512802839471 05/27/22-13:04:25.431447
    SID:2839471
    Source Port:48512
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.78.9.20333502802839471 05/27/22-13:04:30.438295
    SID:2839471
    Source Port:33502
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.123.22559388802839471 05/27/22-13:03:53.103631
    SID:2839471
    Source Port:59388
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.28.209.19459186802839471 05/27/22-13:05:31.839035
    SID:2839471
    Source Port:59186
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.85.9953610802839471 05/27/22-13:04:15.943706
    SID:2839471
    Source Port:53610
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.13.87.23736212802839471 05/27/22-13:04:37.094351
    SID:2839471
    Source Port:36212
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.44.7438338802839471 05/27/22-13:05:56.289401
    SID:2839471
    Source Port:38338
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.91.4.1657994802839471 05/27/22-13:04:33.477633
    SID:2839471
    Source Port:57994
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.30.198.6034490802839471 05/27/22-13:04:15.929622
    SID:2839471
    Source Port:34490
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.252.166.043712802839471 05/27/22-13:04:53.868578
    SID:2839471
    Source Port:43712
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.60.236.16945234802839471 05/27/22-13:04:10.614944
    SID:2839471
    Source Port:45234
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.84.90.9954854802839471 05/27/22-13:05:56.378913
    SID:2839471
    Source Port:54854
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.134.8156846802839471 05/27/22-13:04:53.823235
    SID:2839471
    Source Port:56846
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.149.59.23052470802839471 05/27/22-13:05:01.570447
    SID:2839471
    Source Port:52470
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.78.182.141584802839471 05/27/22-13:06:28.770098
    SID:2839471
    Source Port:41584
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.65.4345668802839471 05/27/22-13:04:18.497471
    SID:2839471
    Source Port:45668
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.187.4139724802839471 05/27/22-13:05:51.446986
    SID:2839471
    Source Port:39724
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.43.85.13037716802839471 05/27/22-13:06:09.159255
    SID:2839471
    Source Port:37716
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.139.16840636802839471 05/27/22-13:05:01.505866
    SID:2839471
    Source Port:40636
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.211.168.3848482802839471 05/27/22-13:04:08.445501
    SID:2839471
    Source Port:48482
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.210.164.21956930802839471 05/27/22-13:05:58.694600
    SID:2839471
    Source Port:56930
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.183.14.12849716802839471 05/27/22-13:04:24.407215
    SID:2839471
    Source Port:49716
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.4.190.11748158802839471 05/27/22-13:04:27.910495
    SID:2839471
    Source Port:48158
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.103.34.6233328802839471 05/27/22-13:04:33.152495
    SID:2839471
    Source Port:33328
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.165.151.20836920802839471 05/27/22-13:05:39.404260
    SID:2839471
    Source Port:36920
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.166.143.13935382802839471 05/27/22-13:05:31.862266
    SID:2839471
    Source Port:35382
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.187.19353624802839471 05/27/22-13:05:21.554013
    SID:2839471
    Source Port:53624
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.232.101.4135770802839471 05/27/22-13:05:51.492756
    SID:2839471
    Source Port:35770
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.15.2039684802839471 05/27/22-13:04:00.816075
    SID:2839471
    Source Port:39684
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.161.210.5858248802839471 05/27/22-13:04:12.947117
    SID:2839471
    Source Port:58248
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.72.39.16239026802839471 05/27/22-13:04:51.443600
    SID:2839471
    Source Port:39026
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.217.60.12256784802839471 05/27/22-13:04:57.072524
    SID:2839471
    Source Port:56784
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.165.151.5248400802839471 05/27/22-13:05:39.349485
    SID:2839471
    Source Port:48400
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.165.100.16038276802839471 05/27/22-13:04:33.147747
    SID:2839471
    Source Port:38276
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.211.216.3246524802839471 05/27/22-13:06:00.339210
    SID:2839471
    Source Port:46524
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.53.1.22840004802839471 05/27/22-13:06:05.767863
    SID:2839471
    Source Port:40004
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.90.21141812802839471 05/27/22-13:05:16.765662
    SID:2839471
    Source Port:41812
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.17.55.3033310802839471 05/27/22-13:04:01.321811
    SID:2839471
    Source Port:33310
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.65.37.1535686802839471 05/27/22-13:03:55.225527
    SID:2839471
    Source Port:35686
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.177.21440228802839471 05/27/22-13:06:20.561235
    SID:2839471
    Source Port:40228
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.199.16637990802839471 05/27/22-13:03:58.624651
    SID:2839471
    Source Port:37990
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.65.9454630802839471 05/27/22-13:03:47.643922
    SID:2839471
    Source Port:54630
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.111.11655968802839471 05/27/22-13:05:24.104016
    SID:2839471
    Source Port:55968
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.183.138.19359198802839471 05/27/22-13:04:42.817722
    SID:2839471
    Source Port:59198
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.216.100.11734840802839471 05/27/22-13:04:42.744445
    SID:2839471
    Source Port:34840
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.110.255.445770802839471 05/27/22-13:04:00.817953
    SID:2839471
    Source Port:45770
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.57.131.2450926802839471 05/27/22-13:05:24.268394
    SID:2839471
    Source Port:50926
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.87.24555976802839471 05/27/22-13:04:08.169650
    SID:2839471
    Source Port:55976
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.166.48.17256982802839471 05/27/22-13:04:20.654338
    SID:2839471
    Source Port:56982
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23197.244.76.20952242372152835222 05/27/22-13:06:21.614936
    SID:2835222
    Source Port:52242
    Destination Port:37215
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.2395.220.189.19652720802839471 05/27/22-13:04:22.985272
    SID:2839471
    Source Port:52720
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.247.216.20936598802839471 05/27/22-13:05:14.180236
    SID:2839471
    Source Port:36598
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.250.103.7754546802839471 05/27/22-13:06:16.633551
    SID:2839471
    Source Port:54546
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.199.88.15749546802839471 05/27/22-13:06:09.126372
    SID:2839471
    Source Port:49546
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.15.39.4148806802839471 05/27/22-13:06:05.103489
    SID:2839471
    Source Port:48806
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.24.5341050802839471 05/27/22-13:04:08.193131
    SID:2839471
    Source Port:41050
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.248.56.15960604802839471 05/27/22-13:06:12.489676
    SID:2839471
    Source Port:60604
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.140.126.15656566802839471 05/27/22-13:04:08.457813
    SID:2839471
    Source Port:56566
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.87.19347086802839471 05/27/22-13:04:15.943798
    SID:2839471
    Source Port:47086
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.251.99.13355052802839471 05/27/22-13:06:20.657664
    SID:2839471
    Source Port:55052
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.198.120.12939978802839471 05/27/22-13:04:08.192593
    SID:2839471
    Source Port:39978
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.85.153.5042044802839471 05/27/22-13:04:31.837502
    SID:2839471
    Source Port:42044
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.126.220.22634098802839471 05/27/22-13:05:14.382886
    SID:2839471
    Source Port:34098
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.12.252.15544658802839471 05/27/22-13:06:26.051259
    SID:2839471
    Source Port:44658
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.120.7.4853822802839471 05/27/22-13:04:47.832854
    SID:2839471
    Source Port:53822
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.106.186.20053920802839471 05/27/22-13:04:33.254754
    SID:2839471
    Source Port:53920
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.48.166.3440202802839471 05/27/22-13:04:15.928246
    SID:2839471
    Source Port:40202
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.229.188.18954868802839471 05/27/22-13:04:23.007965
    SID:2839471
    Source Port:54868
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.173.186.15652650802839471 05/27/22-13:05:06.457295
    SID:2839471
    Source Port:52650
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.141.44.9738202802839471 05/27/22-13:03:53.071361
    SID:2839471
    Source Port:38202
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.91.98.6152152802839471 05/27/22-13:04:24.387154
    SID:2839471
    Source Port:52152
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.233.16236386802839471 05/27/22-13:04:20.617710
    SID:2839471
    Source Port:36386
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.59.109.25339602802839471 05/27/22-13:04:51.586146
    SID:2839471
    Source Port:39602
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.85.153.5041582802839471 05/27/22-13:04:15.963835
    SID:2839471
    Source Port:41582
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.42.21635522802839471 05/27/22-13:04:17.306842
    SID:2839471
    Source Port:35522
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.72.38.3158548802839471 05/27/22-13:05:49.895360
    SID:2839471
    Source Port:58548
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.224.150.7652178802839471 05/27/22-13:04:33.530691
    SID:2839471
    Source Port:52178
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.140.154.14559624802839471 05/27/22-13:05:16.851663
    SID:2839471
    Source Port:59624
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.164.198.9141656802839471 05/27/22-13:05:46.203775
    SID:2839471
    Source Port:41656
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.211.74.17435084802839471 05/27/22-13:05:16.764194
    SID:2839471
    Source Port:35084
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.125.179.7550044802839471 05/27/22-13:04:18.468033
    SID:2839471
    Source Port:50044
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.125.129.7142440802839471 05/27/22-13:06:02.686031
    SID:2839471
    Source Port:42440
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.157.202.21553570802839471 05/27/22-13:06:20.635499
    SID:2839471
    Source Port:53570
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.0.97.9252438802839471 05/27/22-13:04:08.208082
    SID:2839471
    Source Port:52438
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.47.7.3634256802839471 05/27/22-13:04:30.506288
    SID:2839471
    Source Port:34256
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.179.133.10846104802839471 05/27/22-13:04:24.372073
    SID:2839471
    Source Port:46104
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.150.101.8651304802839471 05/27/22-13:04:35.693151
    SID:2839471
    Source Port:51304
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.86.28.650582802839471 05/27/22-13:05:54.012173
    SID:2839471
    Source Port:50582
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.159.13.12043332802839471 05/27/22-13:05:54.097878
    SID:2839471
    Source Port:43332
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.69.89.22854452802839471 05/27/22-13:04:30.503603
    SID:2839471
    Source Port:54452
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.206.10460500802839471 05/27/22-13:04:18.524512
    SID:2839471
    Source Port:60500
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.115.9246792802839471 05/27/22-13:04:08.191909
    SID:2839471
    Source Port:46792
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.76.178.11651694802839471 05/27/22-13:06:20.681799
    SID:2839471
    Source Port:51694
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.168.107.1555932802839471 05/27/22-13:04:30.473653
    SID:2839471
    Source Port:55932
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.201.186.4049254802839471 05/27/22-13:06:28.379840
    SID:2839471
    Source Port:49254
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.190.201.21742914802839471 05/27/22-13:04:16.014619
    SID:2839471
    Source Port:42914
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.17.55.3033316802839471 05/27/22-13:04:01.597485
    SID:2839471
    Source Port:33316
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.67.8.5240610802839471 05/27/22-13:04:45.433835
    SID:2839471
    Source Port:40610
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.37.16645848802839471 05/27/22-13:03:47.375814
    SID:2839471
    Source Port:45848
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.106.14936712802839471 05/27/22-13:05:21.550644
    SID:2839471
    Source Port:36712
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.43.6156010802839471 05/27/22-13:04:08.228955
    SID:2839471
    Source Port:56010
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.78.17457174802839471 05/27/22-13:04:05.038544
    SID:2839471
    Source Port:57174
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.37.16645854802839471 05/27/22-13:03:47.790830
    SID:2839471
    Source Port:45854
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.159.1758962802839471 05/27/22-13:03:58.597943
    SID:2839471
    Source Port:58962
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.58.242.14355586802839471 05/27/22-13:04:00.918386
    SID:2839471
    Source Port:55586
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.112.1644556802839471 05/27/22-13:04:35.693366
    SID:2839471
    Source Port:44556
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.53.171.1045406802839471 05/27/22-13:05:56.346950
    SID:2839471
    Source Port:45406
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.118.152.2234928802839471 05/27/22-13:06:13.764321
    SID:2839471
    Source Port:34928
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.190.10251664802839471 05/27/22-13:04:20.624505
    SID:2839471
    Source Port:51664
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.70.198.24459710802839471 05/27/22-13:04:23.891813
    SID:2839471
    Source Port:59710
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.80.19544332802839471 05/27/22-13:04:33.112317
    SID:2839471
    Source Port:44332
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.56.150.10659840802839471 05/27/22-13:04:37.109752
    SID:2839471
    Source Port:59840
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.99.97.11844144802839471 05/27/22-13:04:47.856240
    SID:2839471
    Source Port:44144
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.210.20643696802839471 05/27/22-13:04:59.250583
    SID:2839471
    Source Port:43696
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.58.74.19638308802839471 05/27/22-13:04:08.278874
    SID:2839471
    Source Port:38308
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.239.224.256866802839471 05/27/22-13:06:31.391618
    SID:2839471
    Source Port:56866
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.239.79.4355498802839471 05/27/22-13:05:36.374792
    SID:2839471
    Source Port:55498
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.72.39.2951822802839471 05/27/22-13:06:05.131433
    SID:2839471
    Source Port:51822
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.101.253.5736330802839471 05/27/22-13:04:18.484250
    SID:2839471
    Source Port:36330
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.203.60.23138502802839471 05/27/22-13:05:05.149616
    SID:2839471
    Source Port:38502
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.249.121.1640596802839471 05/27/22-13:06:12.476180
    SID:2839471
    Source Port:40596
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.185.18943458802839471 05/27/22-13:04:45.390768
    SID:2839471
    Source Port:43458
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.121.176.1933106802839471 05/27/22-13:05:06.602903
    SID:2839471
    Source Port:33106
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.72.53.16445676802839471 05/27/22-13:06:11.062571
    SID:2839471
    Source Port:45676
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.70.156.13749788802839471 05/27/22-13:05:21.575721
    SID:2839471
    Source Port:49788
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.238.16943664802839471 05/27/22-13:04:20.645815
    SID:2839471
    Source Port:43664
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.130.157.7733788802839471 05/27/22-13:03:46.108586
    SID:2839471
    Source Port:33788
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.100.58.3560888802839471 05/27/22-13:03:53.067017
    SID:2839471
    Source Port:60888
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.2.132.12058834802839471 05/27/22-13:04:25.561928
    SID:2839471
    Source Port:58834
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.206.22.11538904802839471 05/27/22-13:04:27.907853
    SID:2839471
    Source Port:38904
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.65.111.13633458802839471 05/27/22-13:04:10.628999
    SID:2839471
    Source Port:33458
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.83.18340668802839471 05/27/22-13:04:40.388106
    SID:2839471
    Source Port:40668
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.48.176.11546760802839471 05/27/22-13:04:33.159308
    SID:2839471
    Source Port:46760
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.70.222.21041464802839471 05/27/22-13:04:08.192156
    SID:2839471
    Source Port:41464
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.141.110.11849180802839471 05/27/22-13:04:05.065436
    SID:2839471
    Source Port:49180
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.216.17.10044418802839471 05/27/22-13:05:21.561769
    SID:2839471
    Source Port:44418
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.221.101.13243424802839471 05/27/22-13:04:25.558514
    SID:2839471
    Source Port:43424
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2388.133.72.13560994802839471 05/27/22-13:05:43.394130
    SID:2839471
    Source Port:60994
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.72.33.9953148802839471 05/27/22-13:06:00.069187
    SID:2839471
    Source Port:53148
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.23112.120.127.9447642802839471 05/27/22-13:04:27.849512
    SID:2839471
    Source Port:47642
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.117.6.8243852802839471 05/27/22-13:04:37.013306
    SID:2839471
    Source Port:43852
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack
    Timestamp:192.168.2.2395.76.127.1347666802839471 05/27/22-13:04:18.517977
    SID:2839471
    Source Port:47666
    Destination Port:80
    Protocol:TCP
    Classtype:Web Application Attack